Platform
php
Component
cve-2025-x
Fixed in
1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in code-projects Job Recruitment versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts, potentially compromising user sessions and data integrity. The vulnerability resides within the /parse/loaduser-profile.php file and can be exploited remotely. A patch is available in version 1.0.1.
Successful exploitation of CVE-2025-1190 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the Job Recruitment application. The attacker could potentially steal sensitive user data, such as login credentials or personal information, and use it for further malicious purposes. The impact is amplified if the application is used to manage sensitive job applicant data.
CVE-2025-1190 was publicly disclosed on 2025-02-12. No public proof-of-concept (PoC) code has been identified at the time of writing. The CVSS score of 3.5 (LOW) indicates a relatively low probability of exploitation, but the potential impact warrants prompt remediation. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.28% (51% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-1190 is to upgrade Job Recruitment to version 1.0.1 or later, which contains the necessary fix. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /parse/loaduser-profile.php file to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide a temporary layer of protection. Regularly review and update security configurations to minimize the attack surface.
Update to a patched version or apply the security measures provided by the vendor. Escape or sanitize user inputs in `/parse/load_user-profile.php` to prevent malicious code injection. Validate and sanitize all input parameters to avoid XSS attacks.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-1190 is a cross-site scripting (XSS) vulnerability affecting Job Recruitment versions 1.0 through 1.0, allowing attackers to inject malicious scripts.
Yes, if you are using Job Recruitment version 1.0 or 1.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade Job Recruitment to version 1.0.1 or later. As a temporary workaround, implement input validation and output encoding.
No active exploitation has been confirmed at this time, but prompt remediation is still recommended.
Refer to the code-projects website or security mailing lists for the official advisory regarding CVE-2025-1190.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.