CVE-2025-25776

Published: Apr 28, 2025Modified: Apr 30, 2025

5.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.

Affected (1)

Products: Codeastro: Bus Ticket Booking System

1 product

Bus Ticket Booking System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Codeastro Bus Ticket Booking System	Version 1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/

Source: cve@mitre.org

Product

https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25776

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.