CVE-2025-9439
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9439
EUVD
EUVD-2025-28856
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
1000projects online_student_project_report_submission_and_evaluation_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9439 is a Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Online Project Report Submission and Evaluation System, specifically in the file /rse/admin/edit_faculty.php?id=2. The vulnerability occurs because the application outputs user-supplied input from the 'name' parameter directly into the web page without proper encoding or filtering. This allows attackers to inject and execute arbitrary malicious JavaScript code in the victim's browser without needing authentication or authorization. [1]

Impact Analysis

This vulnerability can lead to theft of cookies, session tokens, and sensitive information. Attackers can perform unauthorized actions on behalf of the victim, deface webpages, redirect users to malicious sites, and potentially fully compromise the victim's browser. This poses a severe threat to user privacy and system security. [1]

Detection Guidance

This vulnerability can be detected by testing the /rse/admin/edit_faculty.php?id=2 endpoint for reflected cross-site scripting (XSS) by injecting payloads such as <script>alert('XSS')</script> into the 'name' parameter and observing if the script executes. You can use tools like curl or browser-based testing to send POST requests with the payload. For example, using curl: curl -X POST -d "name=<script>alert('XSS')</script>" https://your-target/rse/admin/edit_faculty.php?id=2 and checking if the alert triggers or if the response contains the injected script unencoded. Additionally, automated scanners that detect XSS vulnerabilities can be used to identify this issue. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Implement context-appropriate output encoding to ensure user input is treated as text, not executable code. 2) Enforce strict input validation and filtering to reject or sanitize malicious content such as script tags. 3) Deploy a strict Content Security Policy (CSP) to restrict allowable script sources and prevent execution of unauthorized scripts. 4) Set Secure and HttpOnly flags on sensitive cookies to prevent JavaScript access and ensure secure transmission. 5) Conduct regular security audits to detect and remediate XSS and other vulnerabilities promptly. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9439. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart