Skip to main content

Simple Scheduling System

1 CVEs product

Monthly

CVE-2025-60304 MEDIUM POC This Month

Stored Cross-Site Scripting in code-projects Simple Scheduling System 1.0 allows an attacker to inject arbitrary JavaScript via the Subject Description field, which executes in victims' browsers when they view the affected page. The scope change in the CVSS vector (S:C) confirms the script runs in a different security context than where the payload is injected, enabling session hijacking, credential theft, or malicious redirects against users of the application. A publicly available proof-of-concept exploit exists, though exploitation probability remains low (EPSS 0.22%) and no confirmed active exploitation is recorded.

XSS Simple Scheduling System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Stored Cross-Site Scripting in code-projects Simple Scheduling System 1.0 allows an attacker to inject arbitrary JavaScript via the Subject Description field, which executes in victims' browsers when they view the affected page. The scope change in the CVSS vector (S:C) confirms the script runs in a different security context than where the payload is injected, enabling session hijacking, credential theft, or malicious redirects against users of the application. A publicly available proof-of-concept exploit exists, though exploitation probability remains low (EPSS 0.22%) and no confirmed active exploitation is recorded.

XSS Simple Scheduling System
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy