CVE-2025-5651
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-11-13
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carmelo | traffic_offense_reporting_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5651 is a Stored Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Traffic Offense Reporting System, specifically in the saveuser.php file. The vulnerability occurs because the application does not properly validate or sanitize user input parameters such as user_id, username, email, name, and position. Malicious scripts injected via these parameters are stored in the database and later rendered directly on the front-end without encoding or filtering, allowing attackers to execute arbitrary JavaScript in users' browsers. This can lead to session hijacking, theft of cookies, data exfiltration, website defacement, malware distribution, and full user compromise. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who access the affected system. This can result in session hijacking, theft of sensitive cookies, exfiltration of sensitive data, website defacement, distribution of client-side malware, and potentially full compromise of user accounts. Because the malicious code is stored and executed persistently, it poses a significant security risk to both users and the system's integrity. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious script injections in the parameters user_id, username, email, name, and position submitted to the /saveuser.php endpoint. A proof-of-concept involves sending POST requests with script tags in these parameters and observing if the scripts execute when accessing the USER LIST page (view-users.php). Additionally, Google dorking with queries like "inurl:saveuser.php" can help locate vulnerable targets. A sample command to test could be a curl POST request embedding script tags, for example:

```bash
curl -X POST -d "user_id=<script>alert(1)</script>&username=<script>alert(1)</script>&pass=test&email=<script>alert(1)</script>&name=<script>alert(1)</script>st&address=test&position=<script>alert(1)</script>" http://targetsite/saveuser.php
```

If the alert executes when viewing the user list, the system is vulnerable. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper input validation and output encoding to prevent malicious code injection and execution. Specifically, sanitize and validate all user inputs for the parameters user_id, username, email, name, and position before storing them in the database. Also, ensure that any data rendered on the front-end, such as in the USER LIST module, is properly encoded or escaped to neutralize scripts. If possible, replace the affected software with a secure alternative. Until patches or fixes are applied, restrict access to the vulnerable endpoints and monitor for suspicious activity. [1, 2, 3]
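
The validation and output encoding described above, sketched in PHP as an added example; it is not the application's own code. The page does not show the source of saveuser.php or view-users.php, so the field rules, the function names `validate_user_input` and `render_user_row`, and the sample record are all assumptions.

```php
<?php
declare(strict_types=1);
// Assumed allow-list rules for four of the five parameters the page names
// (email is checked separately). The real field formats are not on the page.
const FIELD_RULES = [
    'user_id'  => '/^[A-Za-z0-9_-]{1,32}$/',
    'username' => '/^[A-Za-z0-9._-]{3,32}$/',
    'name'     => "/^[\\p{L}\\p{M} .'-]{1,100}$/u",
    'position' => '/^[\\p{L}\\p{N} .,&\\/-]{1,100}$/u',
];

/** Returns [cleanValues, errors]; callers store nothing when errors is non-empty. */
function validate_user_input(array $post): array
{
    $clean = $errors = [];
    foreach (FIELD_RULES as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, trim($value)) !== 1) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = trim($value);
    }
    $email = $post['email'] ?? null;
    $email = is_string($email) ? filter_var(trim($email), FILTER_VALIDATE_EMAIL) : false;
    if ($email === false || strlen($email) > 254) {
        $errors[] = 'email';
    } else {
        $clean['email'] = $email;
    }
    return [$clean, $errors];
}

/** HTML-encodes every cell at render time, so markup already stored is inert too. */
function render_user_row(array $row): string
{
    $cells = '';
    foreach (['user_id', 'username', 'email', 'name', 'position'] as $field) {
        $cells .= '<td>' . htmlspecialchars((string)($row[$field] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
    }
    return "<tr>$cells</tr>";
}

// Constructed sample: a record as it might already sit in the database.
$stored = ['user_id' => '7', 'username' => 'jdoe', 'email' => 'j@example.org',
           'name' => '<script>alert(1)</script>', 'position' => 'Officer'];
echo render_user_row($stored), PHP_EOL;
[, $errors] = validate_user_input($stored);
echo 'rejected fields: ', implode(', ', $errors), PHP_EOL;
```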