Cross Site Scripting Vulnerability in Sourcecodester Zoo Management System
CVE-2025-65881

6.1MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Zoo Management System
Vendor: CVE Published:; 2 December 2025

🔔 Create Sourcecodester Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-65881?

The Sourcecodester Zoo Management System v1.0 is prone to a Cross Site Scripting (XSS) vulnerability in the Login.php file within the classes directory. Attackers could exploit this flaw to inject malicious scripts into web pages viewed by other users, potentially compromising user data and session integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-65881
Created by MMAKINGDOM

References

https://gist.github.com/MMAKINGDOM/17b85a6e077f08134ee968...

https://github.com/MMAKINGDOM/CVE-2025-65881/

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2025
🟡
Public PoC available
Nov 28, 2025
👾
Exploit known to exist
Nov 28, 2025
Vulnerability Reserved
Nov 18, 2025

JSON