Cross-Site Scripting Vulnerability in Code-Projects Public Chat Room by Code-Projects
CVE-2025-7951

5.1MEDIUM

Key Information:

Vendor: Code-projects
Status: Public Chat Room
Vendor: CVE Published:; 22 July 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7951?

A vulnerability has been identified in the Public Chat Room application version 1.0, where improper validation of user input in the /send_message.php file can lead to cross-site scripting (XSS) attacks. An attacker could exploit this flaw by sending crafted messages that execute arbitrary scripts in the user's browser. This vulnerability allows for remote attacks, posing a significant risk to user data confidentiality and integrity, especially after being publicly disclosed. It is crucial for users and administrators to apply necessary patches or mitigate the risk through security best practices.

Affected Version(s)

Public Chat Room 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7951 - Proof of Concept