CVE-2025-8340 MEDIUM

CVE-2025-8340: code-projects Intern Membership Management System Error Message fill_details.php cross site scripting

Vendor Code-Projects

Product Intern Membership Management System

Weakness CWE-79 · XSS

Published July 31, 2025

Last update July 31, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 31, 2025 CVE published

July 31, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-8340

Related vulnerabilities

04Related CVE

CVE-2024-0598 Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings CVE-2025-10345 HTML injection in Perfex CRM CVE-2024-5662 Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget CVE-2023-28751 WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) CVE-2024-7124 Reflected XSS in DInGO dLibra