CVE-2025-6288
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-06-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anujk305 | bus_pass_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6288 is a Stored Cross-Site Scripting (XSS) vulnerability in the PHPGurukul Bus Pass Management System version 1.0, specifically in the administrative profile page (/admin/admin-profile.php). An attacker with administrative privileges can inject malicious JavaScript code into input fields like the profile name. This malicious code is stored in the system and executes whenever the profile page is accessed, potentially affecting other administrators and users. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including administrative account takeover by stealing session cookies, website defacement by altering the admin profile page or other content, malware distribution through redirects or drive-by downloads, privilege escalation by performing unauthorized actions as other administrators, and data exfiltration by stealing sensitive information displayed on the affected page. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable page /admin/admin-profile.php in the PHPGurukul Bus Pass Management System version 1.0. One method to locate potentially vulnerable targets is using Google dorking with the query: inurl:admin/admin-profile.php. Additionally, testing the profile name input field for stored cross-site scripting (XSS) payloads can help detect exploitation. For example, an administrator can attempt to input a benign XSS payload such as <script>alert('XSS')</script> into the profile name field and observe if the script executes when the page is loaded. Network detection can involve monitoring for unusual JavaScript execution or alerts triggered from the admin-profile.php page. Specific commands for detection are not documented, but manual testing of the input field and web page behavior is recommended. [2, 1]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been documented for this vulnerability. The suggested immediate step is to replace the affected product with an alternative that does not contain this vulnerability. Additionally, restricting administrative access to trusted users only and monitoring for suspicious activity on the admin-profile.php page can help reduce risk. Applying input validation and output encoding on the profile name field to neutralize malicious scripts would be ideal, but no official patches or fixes are currently available. [2, 1]