Cross Site Scripting Vulnerability in Wazifa System by code-projects
CVE-2025-1209
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 12 February 2025
Badges
What is CVE-2025-1209?
A cross site scripting (XSS) vulnerability has been identified in the Wazifa System 1.0. This flaw resides in the 'searchuser' function located in the '/search_resualts.php' file. By manipulating the 'firstname' and 'lastname' parameters, an attacker can execute malicious scripts remotely. As this vulnerability has been made public, there is potential for exploitation, highlighting the urgent need for users to secure their systems against such attacks.
Affected Version(s)
Wazifa System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved