Primary

Context

Code-Projects Document Management System Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Document Management System version 1.0. This issue allows attackers to steal admin cookie information by injecting malicious XSS code into the Company field while uploading files.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts can be executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, an admin user must add a document and enter a script tag containing JavaScript code, such as an alert command, into the Company field. Once the document is saved, the injected script will execute, demonstrating the XSS vulnerability by accessing and alerting the admin's cookie information.

Added: Sep 16, 2025, 3:40 PM

Updated: Sep 16, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.3

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.3

remediation

0.0

relevance

0.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Document Management System Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating