Cross Site Scripting Vulnerability in Code-Projects Job Recruitment Application
CVE-2025-0806
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 29 January 2025
Badges
What is CVE-2025-0806?
A cross site scripting vulnerability has been identified in Code-Projects Job Recruitment version 1.0, specifically within the file _call_job_search_ajax.php. This flaw allows remote attackers to manipulate the job_type argument, potentially executing arbitrary scripts in the context of a user's browser. Given its public disclosure, it poses an increased risk, as attackers may exploit this vulnerability to perform attacks against unsuspecting users.
Affected Version(s)
Job Recruitment 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved