CVE-2025-57145Cross-site Scripting in Auto Taxi Stand Management System

CWE-79Cross-site Scripting3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 93.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Auto Taxi Stand Management System
Timeline
PublishedSep 16

Description

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2025-57145: A cross-site scripting (XSS) vulnerability exists in the search-autootaxi2025-09-16
GHSA
GHSA-45g4-83v3-gcqp: A cross-site scripting (XSS) vulnerability exists in the search-autootaxi2025-09-16
CVE-2025-57145 — Cross-site Scripting | cvebase