High severity7.6NVD Advisory· Published Jul 31, 2025· Updated Jun 17, 2026
CVE-2025-52203
CVE-2025-52203
Description
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DevaslanPHP/project-managementdescription
- Range: <1.2.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.