CVE-2025-14205
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14205
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
code-projects chamber_of_commerce_membership_management_system 1.0
fabian chamber_of_commerce_membership_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by searching for the presence of the vulnerable file /membership_profile.php in the code-projects Chamber of Commerce Membership Management System version 1.0. Additionally, Google dorking can be used with the query 'inurl:membership_profile.php' to identify potentially vulnerable targets. To test for the vulnerability, you can attempt to inject typical XSS payloads into the Full Name, Address, City, or State fields and observe if the input is reflected unsanitized in the HTML output. For example, using curl or wget to send crafted HTTP requests with script tags in these parameters and checking the response for reflected scripts can help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the affected component with an alternative product, as no known countermeasures or patches have been documented. Additionally, applying proper input validation and output encoding (such as using htmlspecialchars() in PHP) on the Full Name, Address, City, and State fields in /membership_profile.php can help prevent the XSS vulnerability. Restricting user input to safe characters and sanitizing all user-controllable inputs before rendering them in HTML output is recommended. Until a fix is applied, limiting access to the vulnerable page and monitoring for suspicious activity may reduce risk. [1, 4]

Executive Summary

This vulnerability is a cross-site scripting (XSS) issue found in the Chamber of Commerce Membership Management System 1.0, specifically in the /membership_profile.php file within the Your Info Handler component. It occurs when an attacker manipulates input fields such as Full Name, Address, City, or State, allowing malicious scripts to be executed remotely.

Impact Analysis

The vulnerability can allow an attacker to execute malicious scripts in the context of the affected web application, potentially leading to unauthorized actions performed on behalf of legitimate users, session hijacking, or defacement. However, the CVSS scores indicate a low to moderate impact, with no confidentiality or availability impact but some integrity impact.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart