CVE-2025-60304
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability was found in the Subject Description field of code-projects Simple Scheduling System 1.0. It allows injection of malicious JavaScript code into the page.
Risk Assessment
An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and sanitization for the Subject Description field.
Original NVD description (English source)
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.

