CVE-2025-9929 MEDIUM

CVE-2025-9929: code-projects Responsive Blog Site blogs_view.php cross site scripting

Vendor Code-Projects

Product Responsive Blog Site

Weakness CWE-79 · XSS

Published September 3, 2025

Last update September 4, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.

Key dates

02Disclosure timeline

September 3, 2025 CVE published

September 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9929 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-59549 WordPress GetResponse Forms Plugin <= 2.6.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-3063 WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-0609 Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode CVE-2025-9734 O2OA Personal Profile stat cross site scripting CVE-2024-10015 ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter