CVE-2025-5976
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | rail_pass_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5976 is a cross-site scripting (XSS) vulnerability in PHPGurukul Rail Pass Management System version 1.0, specifically in the /admin/add-pass.php file. It occurs because the 'fullname' parameter accepts user input that is not properly sanitized or encoded before being included in the web page output. This allows an attacker to inject malicious scripts that execute in the context of the victim's browser, potentially compromising the application's integrity. The vulnerability can be exploited remotely and requires user interaction. [1, 2, 3]
How can this vulnerability impact me? :
Exploitation of this XSS vulnerability can lead to theft of user sessions and authentication cookies, unauthorized actions performed on behalf of authenticated users, redirection to malicious websites, webpage defacement, delivery of malware payloads, compromise of user accounts, and unauthorized manipulation of application functionality. These impacts can severely affect user security and application integrity. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable endpoint /admin/add-pass.php in the PHPGurukul Rail Pass Management System 1.0. One method is to use Google dorking with the query "inurl:admin/add-pass.php" to find potentially vulnerable targets. Additionally, testing the 'fullname' parameter by sending crafted requests containing typical XSS payloads such as <script>alert(1)</script> and observing if the script executes can confirm the vulnerability. For example, using curl to send a POST request with a malicious payload in the 'fullname' parameter can help detect the issue. Example command: curl -X POST -F "fullname=<script>alert(1)</script>" https://targetsite.com/admin/add-pass.php [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Applying context-aware output encoding to all user inputs before rendering, especially the 'fullname' parameter, to prevent script injection. 2) Implementing a strict Content Security Policy (CSP) to restrict unauthorized script execution. 3) Enforcing input validation and sanitization using allow-list filtering and trusted libraries like DOMPurify to remove dangerous tags or attributes. 4) Securing session cookies by setting HttpOnly and Secure flags to prevent JavaScript access and ensure secure transmission. 5) Utilizing security features of modern web frameworks that provide automatic sanitization and escaping, and avoiding unsafe methods such as innerHTML or document.write(). If possible, replacing the affected product with a secure alternative is recommended. [2]