CVE-2025-56289
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability was found in code-projects Document Management System 1.0. An attacker can inject malicious JavaScript code in the "Company" field when adding files, allowing theft of the admin's session cookies.
Risk Assessment
The risk involves potential session hijacking of the administrator, which could lead to unauthorized access to sensitive documents and data within the system.
Recommendation
Immediately update the system to the latest version or apply a patch that fixes the XSS vulnerability. Additionally, implement input validation and use Content Security Policy headers.
Original NVD description (English source)
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field when adding files.

