Cross-Site Scripting Vulnerability in code-projects Responsive Blog Site
CVE-2025-9929

4.8MEDIUM

Key Information:

Vendor

Code-projects

Status
Responsive Blog Site
Vendor
CVE Published:
3 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-9929?

A vulnerability has been discovered in the code-projects Responsive Blog Site version 1.0. The flaw resides in the handling of parameters within the blogs_view.php file, where improper validation allows for cross-site scripting attacks. By manipulating the argument fields such as product_code, gen_name, product_name, or supplier, an attacker could execute arbitrary JavaScript in the context of the user's browser. This issue can be exploited remotely and poses a significant risk, as it may enable the execution of malicious scripts that can lead to data theft or user session hijacking. The exploit has been disclosed publicly, amplifying the urgency for users to implement mitigations.

Affected Version(s)

Responsive Blog Site 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9929 - Proof of Concept

References

https://vuldb.com/?id.322331
vdb-entrytechnical-description
https://vuldb.com/?ctiid.322331
signaturepermissions-required
https://vuldb.com/?submit.642586
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

111ctx (VulDB User)
.
CVE-2025-9929 : Cross-Site Scripting Vulnerability in code-projects Responsive Blog Site