CVE Catalog

CVE-2025-60304

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability was found in the Subject Description field of code-projects Simple Scheduling System 1.0. It allows injection of malicious JavaScript code into the page.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or perform other actions in the victim's browser context, compromising data confidentiality and integrity.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and sanitization for the Subject Description field.

Original NVD description (English source)

code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS