CVE-2025-60302 — Cross-site Scripting in Client Details System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 90.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fabian Client Details System

Timeline

PublishedOct 9

Description

code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDfabian/client_details_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-60302: code-projects Client Details System 1↗2025-10-09

▶

GHSA

GHSA-fq7f-prvj-g7c3: code-projects Client Details System 1↗2025-10-09

▶