CVE-2025-5973
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | restaurant_table_booking_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5973 is a cross-site scripting (XSS) vulnerability in the PHPGurukul Restaurant Table Booking System version 1.0, specifically in the /admin/add-table.php file. The vulnerability occurs because the 'tableno' parameter accepts user input that is not properly sanitized or validated, allowing attackers to inject malicious JavaScript code. This malicious script executes in the context of the victim's browser, potentially compromising user accounts, stealing sensitive data, and manipulating application functionality. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including theft of user sessions and authentication cookies, unauthorized actions performed on behalf of authenticated users, redirection of users to malicious websites, defacement of web pages, and delivery of malware. Attackers can exploit this remotely by injecting malicious scripts via the 'tableno' parameter, compromising user security and application integrity. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable PHPGurukul Restaurant Table Booking System version 1.0, specifically the file /admin/add-table.php. Vulnerable targets can be identified using Google dorking with the query: inurl:admin/add-table.php. Additionally, testing the 'tableno' parameter by injecting a simple XSS payload such as <script>alert(document.cookie)</script> in a POST request to /rtbs/admin/add-table.php can confirm the vulnerability if the script executes. Network or system scanning tools can be used to detect the presence of this URL and test for reflected XSS in the 'tableno' parameter. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Implement context-aware output encoding such as HTML entity encoding for data inserted into HTML to prevent script execution. 2) Enforce a strict Content Security Policy (CSP) header to reduce the risk and impact of XSS attacks. 3) Apply rigorous input validation and sanitization by filtering inputs against allow-lists and removing dangerous tags or attributes, using libraries like DOMPurify if needed. 4) Secure session cookies by marking them as HttpOnly and Secure to prevent access via JavaScript and ensure transmission over HTTPS. 5) Utilize built-in protections from modern frameworks that provide automatic sanitization and escaping, and avoid unsafe methods like innerHTML and document.write(). If possible, consider replacing the affected product or applying patches if available. [2]