CVE-2025-5765
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | simple_laundry_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5765 is a Stored Cross-Site Scripting (XSS) vulnerability in the Laundry System version 1.0, specifically in the /data/edit_laundry.php file. It occurs because the application does not properly validate or sanitize the 'customer' parameter, allowing attackers to inject malicious scripts that are stored in the database and later executed in users' browsers when viewing affected pages. This enables attackers to run arbitrary JavaScript code remotely, potentially leading to actions like cookie theft, session hijacking, and other malicious activities. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who view the affected pages. This can lead to theft of cookies, session hijacking, exfiltration of sensitive data, website defacement, distribution of client-side malware, and potentially full user compromise. It threatens data confidentiality, system integrity, and organizational trust. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable file /data/edit_laundry.php and testing the 'customer' parameter for stored cross-site scripting (XSS). One method is to use Google Dorking with the query: inurl:data/edit_laundry.php to find exposed endpoints. Additionally, you can test by sending a POST request with a payload such as customer=<script>alert(1)</script> to see if the script is stored and executed. For example, using curl: curl -X POST -d "customer=<script>alert(1)</script>" https://targetsite/data/edit_laundry.php and then checking if the script executes on pages displaying the customer data (e.g., /home.php). Monitoring web traffic for suspicious script injections in the 'customer' parameter can also help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing proper input validation and sanitization on the 'customer' parameter to prevent malicious script injection. Additionally, apply output encoding or escaping when displaying user-supplied data to prevent execution of injected scripts. If possible, replace the vulnerable Laundry System 1.0 with an alternative product that does not have this vulnerability. Since no known countermeasures are reported, these coding best practices are essential to prevent exploitation. Monitoring and restricting user input and applying web application firewalls (WAF) rules to detect and block XSS payloads can also help mitigate risk until a permanent fix is applied. [2, 3]