CVE-2025-0961

A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.0 5.4 MEDIUM

5.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://code-projects.org/	Product
https://github.com/J0hnFFFF/j0hn_upload_one/blob/main/xss.pdf	Exploit Third Party Advisory
https://vuldb.com/?ctiid.294356	Permissions Required VDB Entry
https://vuldb.com/?id.294356	Third Party Advisory VDB Entry
https://vuldb.com/?submit.491789	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:anisha:job_recruitment:1.0:*:*:*:*:*:*:*

History

28 May 2025, 17:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:anisha:job_recruitment:1.0:::::::*
First Time		Anisha Anisha job Recruitment
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
References	~~() https://vuldb.com/?ctiid.294356 -~~	() https://vuldb.com/?ctiid.294356 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.294356 -~~	() https://vuldb.com/?id.294356 - Third Party Advisory, VDB Entry
References	~~() https://code-projects.org/ -~~	() https://code-projects.org/ - Product
References	~~() https://vuldb.com/?submit.491789 -~~	() https://vuldb.com/?submit.491789 - Third Party Advisory, VDB Entry
References	~~() https://github.com/J0hnFFFF/j0hn_upload_one/blob/main/xss.pdf -~~	() https://github.com/J0hnFFFF/j0hn_upload_one/blob/main/xss.pdf - Exploit, Third Party Advisory

10 Feb 2025, 13:15

Type	Values Removed	Values Added
Summary	A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS	v2 : ~~unknown~~ v3 : ~~3.5~~	v2 : unknown v3 : unknown
CWE	CWE-94 CWE-79

01 Feb 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-01 23:15

Updated : 2025-05-28 17:17

NVD link : CVE-2025-0961

Mitre link : CVE-2025-0961

JSON object : View

Products Affected

anisha

job_recruitment

CWE

No CWE.

5.4 /10