CVE Details
Basic Information
| Title |
code-projects Traffic Offense Reporting System saveuser.php cross site scripting |
| Type |
cve |
| Published |
2025-06-05T10:00:19.573Z |
| Last Seen |
|
Product Information
| Vendor |
code-projects |
| Product |
Traffic Offense Reporting System |
| Version |
1.0 |
CVSS Information
| Base Score |
5.1 (MEDIUM) |
| Attack Vector |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A cross-site scripting (XSS) vulnerability in the Traffic Offense Reporting System version 1.0 allows remote attackers to inject scripts via the user_id, username, email, name, or position arguments in saveuser.php. This is a medium severity issue that could lead to session hijacking or unauthorized actions. |
| AI Severity |
Medium |
| Vendor |
code-projects |
| Product |
Traffic Offense Reporting System |
| Affected Version |
1.0 |
Additional Information
| CVE List |
|
| CWE List |
CWE-79, CWE-94 |
| Bulletin Family |
|
| Source Data |
code-projects Traffic Offense Reporting System 1.0 |
Source Information
| Source Data |
code-projects Traffic Offense Reporting System 1.0 |
| Source Link |
|
Description
A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
View Full CVE Details
