VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Oct 27, 2025· Updated Apr 29, 2026

CVE-2025-12244

CVE-2025-12244

Description

A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Simple E-Banking System 1.0's register.php has a stored XSS vulnerability via the Username parameter, allowing remote attackers to execute arbitrary JavaScript.

The vulnerability is a stored cross-site scripting (XSS) issue in the register.php file of code-projects Simple E-Banking System 1.0. The Username parameter is not sanitized before being stored and later echoed in the registration process [1].

An attacker can register a username containing malicious JavaScript, such as ``. When the system processes the registration, the script is executed in the browser of any user visiting the page that displays the username [1]. The attack is remote and does not require authentication.

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to theft of cookies, session tokens, or other sensitive information [1].

The vendor has not released a patch as of publication. Users should sanitize input or apply proper encoding. The exploit is publicly available [1].

References
  1. cve/xss5.md at main · asd1238525/cve

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.