1.0.1
CVE-2025-1208 is a cross-site scripting (XSS) vulnerability identified in Wazifa System versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data. A fix is available in version 1.0.1, addressing this security concern.
Successful exploitation of CVE-2025-1208 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Wazifa System application. This can lead to various malicious activities, including session hijacking, phishing attacks, and defacement of the application's interface. Sensitive user data, such as login credentials or personal information, could be stolen. The impact is amplified if the Wazifa System is used to manage sensitive data or interacts with other critical systems, potentially enabling lateral movement within the network.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact warrant prompt remediation. No known active campaigns targeting this specific CVE have been reported as of the publication date. The vulnerability is not listed on CISA KEV as of this writing.
Exploit Status
EPSS
0.27% (50% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-1208 is to upgrade Wazifa System to version 1.0.1 or later, which contains the necessary fix. If immediate upgrading is not possible, consider implementing input validation and output encoding on the /Profile.php endpoint to sanitize user-supplied data. Web application firewalls (WAFs) can be configured with rules to detect and block XSS attempts targeting this specific vulnerability. Regularly review and update Wazifa System's security configuration to minimize the attack surface. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the postcontent parameter of /Profile.php.
Update to a patched version or apply the necessary security measures to prevent code injection (XSS) in the 'postcontent' parameter of the '/Profile.php' file. Validate and sanitize user inputs before displaying them on the page to prevent the execution of malicious scripts. If a patched version is not available, implement an HTML escaping function in the PHP code to encode special characters.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-1208 is a cross-site scripting (XSS) vulnerability in Wazifa System versions 1.0–1.0, allowing attackers to inject malicious scripts via the /Profile.php file.
Yes, if you are using Wazifa System version 1.0 or 1.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade Wazifa System to version 1.0.1 or later. As a temporary workaround, implement input validation and output encoding on the /Profile.php endpoint.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the Wazifa System project's official website or security advisories for the most up-to-date information and guidance.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.