CVE-2025-14205 | THREATINT

Description

A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

PUBLISHED Reserved 2025-12-07 | Published 2025-12-07 | Updated 2025-12-08 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

LOW: 2.4CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

LOW: 2.4CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

3.3AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Product status

1.0

affected

Timeline

2025-12-07:	Advisory disclosed
2025-12-07:	VulDB entry created
2025-12-07:	VulDB entry last update

Credits

H1mm (VulDB User) reporter

References

vuldb.com/?id.334648 (VDB-334648 | code-projects Chamber of Commerce Membership Management System Your Info membership_profile.php cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.334648 (VDB-334648 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.700421 (Submit #700421 | code-projects Chamber of Commerce Membership Management System In PHP With Source Code V1.0 Improper Neutralization of Alternate XSS Syntax) third-party-advisory

www.yuque.com/u42535181/pm5nde/ky49h1xg6si9d3m8 exploit

code-projects.org/ product

cve.org (CVE-2025-14205)

nvd.nist.gov (CVE-2025-14205)

Download JSON