CVE-2025-60302
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability has been found in code-projects Client Details System 1.0. Malicious JavaScript code can be injected into the username field when adding customer information.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other unauthorized actions within the victim's browser context.
Recommendation
Immediately update the system to the latest version or implement input filtering and validation for the username field.
Original NVD description (English source)
code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field.

