CVE-2025-9939 MEDIUM

CVE-2025-9939: CodeAstro Real Estate Management System propertyview.php cross site scripting

Vendor Codeastro

Product Real Estate Management System

Weakness CWE-79 · XSS

Published September 4, 2025

Last update September 4, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

September 4, 2025 CVE published

September 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9939

Related vulnerabilities

04Related CVE

CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name CVE-2021-32859 Baremetrics date range picker vulnerable to Cross-site Scripting CVE-2024-11410 Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS) CVE-2025-2375 PHPGurukul Human Metapneumovirus Testing Management System Admin Profile Page profile.php cross site scripting