Platform
php
Fixed in
1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in code-projects Job Recruitment versions 1.0 through 1.0. This flaw resides within the /parse/feedback_system.php file and allows attackers to inject malicious scripts via manipulation of argument types. The vulnerability is exploitable remotely and has been publicly disclosed, potentially exposing user data and system integrity.
Successful exploitation of CVE-2025-0530 allows an attacker to inject arbitrary JavaScript code into the Job Recruitment application. This can lead to various malicious outcomes, including session hijacking, defacement of the application's user interface, and redirection to phishing sites. The attacker could potentially steal sensitive user data, such as login credentials or personal information, if it's handled within the application. The scope of impact depends on the application's functionality and the privileges of the affected user; a privileged user could grant the attacker broader access.
CVE-2025-0530 has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant prompt remediation. There are no known active campaigns and no KEV listing at the time of writing. Public proof-of-concept code may be available, making it easier for attackers to exploit the vulnerability.
Organizations using Job Recruitment 1.0, particularly those with publicly accessible instances or those handling sensitive user data, are at risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as a compromise of one user's instance could potentially impact others.
• php / web:
curl -I 'http://your-target.com/_parse/_feedback_system.php?param=<script>alert(1)</script>' | grep -i 'content-type'
• generic web:
curl -s 'http://your-target.com/_parse/_feedback_system.php?param=<script>alert(1)</script>' | grep 'alert(1)'
Exploit status
EPSS
0.14% (35th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-0530 is to upgrade Job Recruitment to version 1.0.1 or later, which contains the necessary fix. If upgrading immediately is not feasible, consider implementing input validation and sanitization on the /parse/feedback_system.php endpoint to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Review and update any existing security policies to reinforce secure coding practices.
Upgrade to a patched version or implement proper validation and sanitization of user input in the /_parse/_feedback_system.php file to prevent the injection of malicious code. Consider using context-specific escaping functions for output.
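The two mitigation notes above ask for input validation and context-specific output escaping on the feedback endpoint. The following is an added example written for this page, not code from the code-projects Job Recruitment application; the parameter name `feedback`, the function names and the HTML fragment are assumptions used for illustration. It contrasts the unescaped reflection pattern that produces a reflected XSS with a hardened handler that rejects non-string (array-typed) arguments, bounds and validates the input, and escapes at the HTML output point.

```php
<?php
// Added example, not the Job Recruitment project's code. The `feedback`
// parameter and the surrounding HTML are assumptions for illustration.
declare(strict_types=1);

// Declaring the charset explicitly avoids browser charset sniffing, which
// can otherwise turn escaped output back into executable markup.
header('Content-Type: text/html; charset=UTF-8');

/**
 * Vulnerable pattern (for contrast only): a request value is concatenated
 * into HTML without escaping, so a value such as <script>alert(1)</script>
 * is delivered to the browser as markup.
 */
function render_feedback_unsafe(array $request): string
{
    $feedback = $request['feedback'] ?? '';
    return '<p>Your feedback: ' . $feedback . '</p>';
}

/**
 * Hardened handler with three layers:
 *  1. Type enforcement: only a scalar string is accepted, so an argument
 *     submitted as feedback[]=... (a changed argument type) is rejected
 *     rather than coerced.
 *  2. Input validation: the value must be valid UTF-8, bounded in length,
 *     and free of control characters.
 *  3. Output escaping for the HTML element context, applied at the point
 *     where the value is written into the page.
 */
function render_feedback_safe(array $request): string
{
    $raw = $request['feedback'] ?? '';

    // 1. Reject anything that is not a string (arrays, nulls from odd input).
    if (!is_string($raw)) {
        http_response_code(400);
        return '<p>Invalid feedback parameter.</p>';
    }

    // 2. Validate encoding first (preg_replace with /u returns null on
    //    invalid UTF-8), then length, then strip control characters.
    if (!mb_check_encoding($raw, 'UTF-8') || mb_strlen($raw, 'UTF-8') > 2000) {
        http_response_code(400);
        return '<p>Invalid feedback parameter.</p>';
    }
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);

    // 3. Escape for the HTML body. ENT_QUOTES also covers attribute
    //    contexts; ENT_SUBSTITUTE replaces any stray invalid sequence
    //    instead of returning an empty string.
    $escaped = htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p>Your feedback: ' . $escaped . '</p>';
}

// Constructed demonstration requests (the payload matches the detection
// curl commands above; the array case exercises the type check).
$demo = ['feedback' => '<script>alert(1)</script>'];

echo render_feedback_unsafe($demo), PHP_EOL;               // tag reaches the browser unchanged
echo render_feedback_safe($demo), PHP_EOL;                 // angle brackets become entities
echo render_feedback_safe(['feedback' => ['x']]), PHP_EOL; // array-typed argument rejected
```

The escaping step is deliberately placed at output rather than on input: the same feedback string may later be written into a JavaScript block, a URL or an attribute, and each of those contexts needs its own encoder, which is the "context-specific escaping" the mitigation note refers to.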
CVE-2025-0530 is a cross-site scripting (XSS) vulnerability in Job Recruitment versions 1.0 through 1.0, affecting the /parse/feedback_system.php file. Attackers can inject malicious scripts by manipulating argument types.
You are affected if you are using Job Recruitment version 1.0. Upgrade to version 1.0.1 or later to mitigate the vulnerability.
Upgrade Job Recruitment to version 1.0.1 or later. As a temporary measure, implement input validation and sanitization on the /parse/feedback_system.php endpoint.
While no active campaigns are confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation. Monitor your systems for suspicious activity.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-0530.