Platform: php
Fixed in: 1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in code-projects Real Estate Property Management System, affecting version 1.0. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and data integrity. The issue resides in the /search.php file, in an unknown function that handles the PropertyName argument. A fix is available in version 1.0.1.
Successful exploitation of CVE-2025-1196 allows an attacker to execute arbitrary JavaScript code within the context of a victim's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and redirection to phishing sites. The attacker could potentially steal sensitive information displayed within the Real Estate Property Management System, such as property details, user contact information, or financial data. The scope of impact depends on the privileges of the affected user; an administrator account compromise would grant the attacker extensive control over the system.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant prompt attention. No known active campaigns targeting this specific vulnerability have been reported at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog.
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2025-1196 is to upgrade to version 1.0.1 of the Real Estate Property Management System. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the PropertyName parameter within the /search.php file. This can help prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update security policies and conduct penetration testing to identify and address potential vulnerabilities.
Update the Real Estate Property Management System to a patched version that resolves the XSS vulnerability. If no version is available, review and filter the inputs of the PropertyName parameter in the /search.php file to prevent the injection of malicious code. Consider implementing additional security measures such as output encoding.
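The input validation and output encoding workaround described above could look like the following. This is an added example, not the project's code or the 1.0.1 patch: the real source of /search.php is not shown on this page, so the helper names, the allow-list policy, the 100-byte limit and the request method are assumptions (PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a bounded plain string drawn from an
// allow-list of characters expected in a property name (assumed policy).
function validate_property_name(mixed $raw): ?string
{
    if (!is_string($raw)) {               // rejects PropertyName[]=... arrays
        return null;
    }
    $name = trim($raw);
    if ($name === '' || strlen($name) > 100) {
        return null;
    }
    // Letters, digits, spaces and a little punctuation. The /u flag also makes
    // preg_match() fail on invalid UTF-8, which is then rejected here.
    return preg_match('~^[\p{L}\p{N} .,\'#&/-]+\z~u', $name) === 1 ? $name : null;
}

// Hypothetical helper: encode for HTML body and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Defence in depth: block inline script even if an encoding call is missed.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

// Assumption: the parameter may arrive by GET or POST.
$raw  = $_GET['PropertyName'] ?? $_POST['PropertyName'] ?? '';
$name = validate_property_name($raw);

if ($raw !== '' && $name === null) {      // supplied but not acceptable
    http_response_code(400);
    echo '<p>Invalid property name.</p>';
    exit;
}
?>
<form action="search.php" method="get">
  <input type="text" name="PropertyName" value="<?= e($name ?? '') ?>">
</form>
<?php if ($name !== null): ?>
  <p>Results for: <?= e($name) ?></p>
<?php endif; ?>
```

The allow-list still admits `&` and `'`, which is why every reflection goes through `e()`: validation narrows the input, and encoding is what keeps the value inert in the HTML.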
CVE-2025-1196 is a cross-site scripting (XSS) vulnerability in Real Estate Property Management System version 1.0, allowing attackers to inject malicious scripts via the PropertyName parameter in /search.php.
You are affected if you are using Real Estate Property Management System version 1.0. Check your version and upgrade immediately if vulnerable.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the PropertyName parameter in /search.php.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the code-projects website or relevant security forums for the official advisory regarding CVE-2025-1196.