CVE-2025-5796
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | simple_laundry_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5796 is a Stored Cross-Site Scripting (XSS) vulnerability in Laundry System version 1.0, specifically in the /data/edit_type.php file. It occurs because the application does not properly validate or sanitize the user-supplied 'type' parameter. Attackers can inject malicious JavaScript code through this parameter, which is then stored and later executed in other users' browsers when they load affected pages. This allows attackers to perform actions such as stealing cookies, hijacking sessions, or executing arbitrary scripts in the victim's browser. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts in the browsers of users who visit the affected pages. This can lead to theft of cookies, session hijacking, data exfiltration, website defacement, distribution of client-side malware, and potentially full user compromise. Because the malicious code is stored and executed persistently, it poses a significant risk to data confidentiality, system integrity, and user trust. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'type' parameter in the /data/edit_type.php file for stored cross-site scripting (XSS). One method is to submit a POST request with a payload such as type=<script>alert(1)</script> to /data/edit_type.php and then check if the script executes when the affected page (e.g., /laundrytype.php or /data/all_types.php) is loaded. Additionally, vulnerable targets can be identified using Google dork queries like inurl:data/edit_type.php. Example command using curl to test the vulnerability: curl -X POST -d "type=<script>alert(1)</script>" https://targetsite.com/data/edit_type.php [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating and sanitizing all user inputs, especially the 'type' parameter, to prevent injection of malicious scripts. Proper output encoding should be implemented to neutralize any injected code before rendering it on web pages. If possible, replace or update the affected software to a version without this vulnerability. Since no known countermeasures are documented, applying input validation and output encoding is critical to prevent exploitation. [1, 2, 3]