Cross Site Scripting Vulnerability in Chamber of Commerce Membership Management System by Code-Projects
CVE-2025-14205

4.8MEDIUM

Key Information:

Vendor

Code-projects

Status
Chamber Of Commerce Membership Management System
Vendor
CVE Published:
7 December 2025

What is CVE-2025-14205?

A cross site scripting vulnerability exists in the Chamber of Commerce Membership Management System 1.0, specifically within the /membership_profile.php file's Your Info Handler component. This flaw allows attackers to manipulate user input fields such as Full Name, Address, City, and State, potentially leading to the execution of malicious scripts in users' browsers. The vulnerability can be exploited remotely, posing significant security risks to affected systems. Although the exploit details have been made public, organizations can take steps to mitigate risks by applying patches and reviewing input validation processes.

Affected Version(s)

Chamber of Commerce Membership Management System 1.0

References

https://vuldb.com/?id.334648
vdb-entrytechnical-description
https://vuldb.com/?ctiid.334648
signaturepermissions-required
https://vuldb.com/?submit.700421
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

H1mm (VulDB User)
JSON
.
CVE-2025-14205 : Cross Site Scripting Vulnerability in Chamber of Commerce Membership Management System by Code-Projects