CVE-2025-57145

Medium CVSS: 5.4

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.

Vendor

Phpgurukul

Product

Auto Taxi Stand Management System

CWE

CWE-79

Yayın Tarihi

2025-09-16 15:15:46

Güncelleme

2025-10-08 19:25:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Auto\/taxi Stand Management System MEDIUM Phpgurukul 2025

Referanslar

http://auto.com http://phpgurukul.com https://github.com/nandanacp/CVE-Collection/blob/main/CVE-2025-57145/README.md https://github.com/nandanacp/CVE-Collection/blob/main/CVE-2025-57145/README.md

Benzer Kayıtlar

Medium

CVE-2024-51226

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51225

A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Man…

Medium

CVE-2024-51224

Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Recor…

Medium

CVE-2024-51223

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2024-51222

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Manag…

Medium

CVE-2026-3403

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown process…