CVE Daily

CVE-2025-8934

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Aff...

Medium CVSS 4.3

Overview

A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE: CWE-79 Published: 2025-08-14T04:16:01.443
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.3 (MEDIUM)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags