Cross-Site Scripting Vulnerability in Code-Projects Client Details System
CVE-2025-12279

4.8MEDIUM

Key Information:

Vendor: Code-projects
Status: Client Details System
Vendor: CVE Published:; 27 October 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12279?

A significant cross-site scripting vulnerability has been identified in the Code-Projects Client Details System version 1.0. The issue resides in the welcome.php file, where improper handling of user input can allow an attacker to inject malicious scripts. This exploitation can be conducted remotely, potentially compromising user sessions or redirecting users to harmful sites. The vulnerability has been publicly disclosed, highlighting the need for users to update their systems promptly to mitigate risks.

Affected Version(s)

Client Details System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12279 - Proof of Concept