CVE-2025-5764
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | simple_laundry_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5764 is a Stored Cross-Site Scripting (XSS) vulnerability in the Laundry System version 1.0, specifically in the file /data/insert_laundry.php. The vulnerability occurs because the 'customer' parameter accepts user input without proper validation or sanitization. This input is stored in the system and later displayed on web pages without escaping, allowing attackers to inject and execute malicious JavaScript code in users' browsers. This can lead to actions such as stealing cookies or manipulating user sessions. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who visit affected pages. Potential impacts include session hijacking, theft of sensitive data such as cookies, website defacement, distribution of client-side malware, and full user compromise. These actions can harm data confidentiality, system integrity, and organizational trust. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'customer' parameter in the /data/insert_laundry.php file for stored cross-site scripting (XSS). A common method is to submit a POST request with a payload such as customer=<script>alert(1)</script> and then check if the script executes when the affected page is loaded. Additionally, attackers or testers can use Google Dorking with queries like "inurl:data/insert_laundry.php" to identify potentially vulnerable targets. For detection on your system, you can use curl or similar tools to send test POST requests and observe the response or behavior in the application. Example command: curl -X POST -d "customer=<script>alert(1)</script>" https://your-target-domain/data/insert_laundry.php -v [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate this vulnerability include implementing proper input validation and sanitization on the 'customer' parameter to prevent malicious script injection. Additionally, apply output encoding or escaping when rendering user input on web pages to neutralize any injected scripts. If possible, replace or update the affected component (/data/insert_laundry.php) with a secure version that handles input safely. Since no known mitigations are reported, urgent remediation is necessary to protect system security and data integrity. [1, 2, 3]