CVE-2025-5651: code-projects Traffic Offense Reporting System saveuser.php cross site scripting

3.5 CVSS

Description

A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in code-projects Traffic Offense Reporting System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei saveuser.php. Mittels Manipulieren des Arguments user_id/username/email/name/position mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-5651

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Problem Types

Cross Site Scripting Code Injection

Affected Products

Vendor: code-projects

Product: Traffic Offense Reporting System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.19% (scored less or equal to compared to others)

EPSS Date: 2025-06-05 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5651
https://vuldb.com/?id.311141
https://vuldb.com/?ctiid.311141
https://vuldb.com/?submit.589962
https://github.com/tuooo/CVE/issues/1
https://code-projects.org/

Timeline

2025-06-05 11:40:21 UTC
CVE

code-projects Traffic Offense Reporting System saveuser.php cross site scripting