CVE-2025-1190

CWE-79 — Cross-site Scripting (XSS)CWE-94 — Code Injection3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.3%

top 48.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects JOB Recruitment Anisha JOB Recruitment

Timeline

PublishedFeb 12

Description

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/load_user-profile.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Multiple parameters might be affected.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/job_recruitment1.0

▶NVDanisha/job_recruitment1.0

🔴Vulnerability Details

GHSA

GHSA-395x-8q95-8h46: A vulnerability has been found in code-projects Job Recruitment 1↗2025-02-12

▶

CVEList

code-projects Job Recruitment load_user-profile.php cross site scripting↗2025-02-12

▶