PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Ustc-L1Nk

Published

2025-08-26

Updated

2025-08-26

CVE-2025-9438

Report an issue

CVSS v2.0

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:

1000projects Online Project Report Submission and Evaluation System version 1.0

Description:

A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the `address` argument in the `/admin/add student.php` file results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

XSS

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2025-9438

Affected Products

1000Projects Online Project Report Submission/Evaluation System

PT-2025-34728 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Weakness Enumeration

Related Identifiers

Affected Products

References · 8