CVE-2025-6126
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | rail_pass_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6126 is a Cross-Site Scripting (XSS) vulnerability in PHPGurukul Rail Pass Management System version 1.0, specifically in the /contact.php file. The vulnerability occurs because the 'name' parameter in the contact form is not properly sanitized or encoded before being included in the HTML output. This allows attackers to inject malicious JavaScript code that executes in the victim's browser, particularly when an administrator views the submitted contact information on the backend page. This can lead to theft of admin session cookies and passwords, enabling unauthorized access and manipulation of the application. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to administrator accounts by stealing session cookies and passwords through injected malicious scripts. Attackers can manipulate application functionality, steal sensitive information, perform unauthorized actions, redirect users to malicious sites, deface webpages, and deliver malware. The attack can be launched remotely without authentication, posing a significant security risk to the system and its users. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable PHPGurukul Rail Pass Management System version 1.0, specifically the /contact.php page. One method is to use Google dorking with the query "inurl:contact.php" to find potentially vulnerable targets. Additionally, testing the "name" parameter in /contact.php by submitting payloads such as <script>alert(document.cookie)</script> in a POST request can confirm the vulnerability if the script executes when the admin views the data. Network monitoring tools can look for suspicious POST requests to /contact.php containing script tags. Example command to test manually using curl: curl -X POST -d "name=<script>alert(document.cookie)</script>" http://target/rpms/contact.php [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing context-aware output encoding such as HTML entity encoding for all user inputs before rendering, enforcing a strict Content Security Policy (CSP) header to limit XSS impact, and applying rigorous input validation and sanitization using allow-lists and libraries like DOMPurify. Additionally, secure session cookies by marking them as HttpOnly and Secure, enforce HTTPS, and avoid unsafe DOM manipulation methods like innerHTML and document.write(). Utilizing built-in protections from modern frameworks that provide automatic sanitization and escaping is also recommended. If possible, replace the affected component with an alternative product. [1, 2, 3]