Bus Ticket Booking System

bus_ticket_booking_system

Vendor: Codeastro • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25776 1Codeastro 1Bus Ticket Booking System Apr 30, 2025 Apr 28, 2025 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address f...Show more Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.Show less
CVE-2025-25775 1Codeastro 1Bus Ticket Booking System May 28, 2025 Apr 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
CVE-2025-25777 1Codeastro 1Bus Ticket Booking System May 28, 2025 Apr 24, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile witho...Show more Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.Show less