CVE-2025-6353
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | responsive_blog_site | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6353 is a stored Cross-Site Scripting (XSS) vulnerability in version 1.0 of the code-projects Responsive Blog software, specifically in the /search.php file. It occurs because the 'keyword' parameter is not properly sanitized, allowing attackers to inject malicious scripts that are stored and later executed in users' browsers. This enables remote attackers to execute arbitrary scripts in the context of users visiting the site. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow remote attackers to execute malicious scripts in users' browsers, potentially leading to theft of sensitive client-side information such as cookies and session tokens. This can compromise user accounts, lead to unauthorized actions on behalf of users, and damage the integrity of the application. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable software version 1.0 of code-projects Responsive Blog running the /search.php file. One detection method is using Google hacking techniques such as searching for 'inurl:search.php' to find potentially vulnerable targets. Additionally, testing the 'keyword' parameter in /search.php for reflected or stored cross-site scripting by injecting typical XSS payloads can help confirm the vulnerability. No specific network commands are provided, but manual or automated web application scanning tools targeting XSS in the 'keyword' parameter can be used. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected software with an alternative product, as no known countermeasures or mitigations have been documented. Additionally, applying input sanitization and validation on the 'keyword' parameter in /search.php to neutralize malicious scripts can help prevent exploitation. Until a patch or update is available, restricting access to the vulnerable endpoint or disabling the search functionality may reduce risk. [2]