Cross-Site Scripting Vulnerability in SourceCodester Online Polling System
CVE-2025-10075

5.1MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Online Polling System
Vendor
CVE Published:
8 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10075?

A security flaw has been identified in the SourceCodester Online Polling System version 1.0, specifically within the function located in the /manage-profile.php file. This vulnerability allows an attacker to manipulate the 'firstname' parameter, leading to a cross-site scripting (XSS) attack. Such an exploit can be executed remotely, posing significant risks as it allows the injection of malicious scripts into web pages viewed by other users. The exploit details have been publicly disclosed, which increases the urgency for organizations using this system to address the vulnerability promptly.

Affected Version(s)

Online Polling System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10075 - Proof of Concept

References

https://vuldb.com/?id.323023
vdb-entrytechnical-description
https://vuldb.com/?ctiid.323023
signaturepermissions-required
https://vuldb.com/?submit.644503
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

quchunyi1 (VulDB User)
.
CVE-2025-10075 : Cross-Site Scripting Vulnerability in SourceCodester Online Polling System