CVE-2025-0530

CVE-2025-0530 is a cross-site scripting (XSS) vulnerability in code-projects Job Recruitment 1.0, affecting unknown code within the file /_parse/_feedback_system.php. The flaw stems from manipulation of the "type" argument, resulting in reflected XSS, and is classified as problematic with a CVSS v3.1 base score of 3.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N). It is associated with CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code).

A remote attacker with low privileges can exploit this vulnerability by manipulating the "type" argument, though it requires user interaction to succeed. Exploitation enables limited integrity impact, such as injecting malicious scripts into web pages viewed by users, potentially leading to session hijacking or phishing in the context of the application's feedback system.

Advisories reference the project site at code-projects.org, a GitHub repository containing exploit details at github.com/ha0day125/cve/blob/main/xss-ha0day.md, and multiple VulDB entries (vuldb.com/?ctiid.292414, vuldb.com/?id.292414, vuldb.com/?submit.478674). The exploit has been publicly disclosed and may be used by attackers. No patches or specific mitigations are detailed in the available information.