Platform: php
Component: tutorial
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in Client Details System version 1.0. This flaw allows a remote attacker to inject malicious scripts, potentially leading to session hijacking or defacement of the application. The vulnerability resides within an unknown function of the /admin/manage-users.php file. Affected versions include 1.0, and a fix is available in version 1.0.1.
Successful exploitation of this XSS vulnerability allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can be leveraged to steal sensitive information, such as session cookies, redirect users to malicious websites, or modify the content displayed on the application. Given the location of the vulnerable file (/admin/manage-users.php), an attacker could potentially target administrators, gaining elevated privileges and access to sensitive data. The public availability of an exploit significantly increases the risk of widespread exploitation.
A public proof-of-concept (PoC) for this vulnerability is available, indicating a relatively high likelihood of exploitation. The vulnerability was publicly disclosed on 2025-10-27. While the CVSS score is LOW (2.4), the availability of a PoC and the potential for administrator targeting elevate the risk. No KEV listing or confirmed exploitation campaigns have been reported at this time.
Exploit Status
EPSS: 0.08% (23rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-12282 is to upgrade to version 1.0.1 of Client Details System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /admin/manage-users.php page to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Review and harden access controls to the /admin/manage-users.php page to limit potential attack surface.
Update to a patched version of the software. If no version is available, review the code in /admin/manage-users.php and apply the necessary security measures to prevent malicious code injection through user input. Escape or sanitize user inputs before displaying them on the page.
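The workaround above comes down to two controls: validate what comes in, and encode what goes out for the HTML context it lands in. The following is an added illustration written for this page, not code from Client Details System; the page does not identify the vulnerable function or parameter, so the `search` and `id` query parameters and the table row layout are assumptions. It shows the unsafe reflection pattern next to a hardened version that encodes for both text-node and attribute contexts.

```php
<?php
// Added example (not from the Client Details System code base): output encoding
// and input validation for a PHP admin page such as /admin/manage-users.php.
// The parameter names "search" and "id" and the row layout are assumptions.

declare(strict_types=1);

// Encode a value for insertion into an HTML text node or a quoted attribute.
// ENT_QUOTES covers both ' and ", ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate a numeric record id before it is used anywhere (query, URL, output).
function validateUserId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// --- Unsafe pattern (for comparison only) ---------------------------------
// echo '<td>' . $_GET['search'] . '</td>';   // reflects raw input as HTML

// --- Hardened pattern ----------------------------------------------------
function renderUserRow(array $query): string
{
    // Accept only a string for the free-text field; reject arrays and nulls.
    $search = isset($query['search']) && is_string($query['search']) ? $query['search'] : '';
    $id = validateUserId($query['id'] ?? null);

    $html  = '<tr>';
    // Text-node context: encode before concatenation.
    $html .= '<td>' . e($search) . '</td>';
    // Validated integer: safe to emit as-is.
    $html .= '<td>' . ($id === null ? 'invalid id' : (string) $id) . '</td>';
    // Attribute context: always quote the attribute and encode the value.
    $html .= '<td><input type="text" name="search" value="' . e($search) . '"></td>';
    $html .= '</tr>';
    return $html;
}

// Constructed sample input: markup and quotes that the unsafe pattern would
// reflect verbatim; the hardened renderer turns them into inert entities.
$sample = ['search' => '<b>bold</b> "quoted"', 'id' => '12abc'];

// The response charset must match the charset passed to htmlspecialchars().
header('Content-Type: text/html; charset=UTF-8');
echo renderUserRow($sample), PHP_EOL;
```

Run it with `php example.php` to see the encoded row. The key design choice is to encode at the point of output for the specific context (text node versus attribute) rather than trying to strip "bad" characters on input; input validation is still applied to fields with a known shape, such as the integer `id`, because it narrows what the rest of the code has to handle.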
CVE-2025-12282 is a cross-site scripting (XSS) vulnerability in Client Details System 1.0 that allows remote attackers to inject malicious scripts via the /admin/manage-users.php file.
You are affected if you are running Client Details System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the /admin/manage-users.php page.
A public proof-of-concept is available, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
Refer to the Client Details System vendor's website or security advisory page for the official advisory regarding CVE-2025-12282.