CVE-2025-63442
MEDIUMSimple User Management System with PHP-MySQL v1.0 - XSS
Title source: llmDescription
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/sanin-s1r3n/CVE-Research/blob/main/CVE-5
Scores
CVSS v3
4.6
EPSS
0.0003
EPSS Percentile
7.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
nababur/simple-user-management-system
1.0
Published
Nov 03, 2025
Tracked Since
Feb 18, 2026