CVE-2025-7840
BaseFortify

Publication date: 2025-07-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of the argument Firstname/Lastname leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Meta Information
Published: 2025-07-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: campcodes
Product: online_movie_theater_seat_reservation_system
Version / Range: 1.0
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can lead to serious security impacts including theft of cookies, session hijacking, and unauthorized actions performed with the administrator's privileges. Because the malicious script executes in the admin's browser, an attacker can potentially take control of admin sessions or perform actions on behalf of the admin, compromising the integrity and security of the system. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by submitting a reservation with a typical XSS payload such as `<script>alert(document.cookie)</script>` in the Firstname or Lastname fields on the reservation page (/index.php?page=reserve). After submission, log into the admin account and view the booking status page to see if the script executes. There are no specific network commands provided, but manual testing via the web interface is the suggested detection method. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding use of the vulnerable system or replacing it with an alternative product, as no known countermeasures or mitigations have been identified. Additionally, restricting access to the admin booking status page and monitoring for suspicious activity may help reduce risk until a fix is applied. [3]


Can you explain this vulnerability to me?

CVE-2025-7840 is a Stored Cross-Site Scripting (XSS) vulnerability in the Campcodes Online Movie Theater Seat Reservation System version 1.0. It occurs because the system does not properly sanitize or escape user inputs in the Firstname and Lastname fields on the reservation page (/index.php?page=reserve). An attacker can inject malicious JavaScript code into these fields, which is then stored and later executed in the browser context of an administrator viewing the booking status page. This allows the attacker to run arbitrary scripts remotely. [1, 2, 3]
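
The missing escaping described above, shown as an added example that is not Campcodes code and not taken from the advisory: an unescaped row renderer beside an output-encoded one, plus an input check for the reservation form. The function names, the `$booking` array keys and the name policy are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample row, as it might come back from the bookings table.
// The keys 'firstname'/'lastname' are assumed; the first value is the
// test string quoted in the detection answer above.
$booking = [
    'firstname' => '<script>alert(document.cookie)</script>',
    'lastname'  => "O'Neil",
];

// Vulnerable pattern: stored input is concatenated straight into HTML.
function render_row_unsafe(array $b): string
{
    return '<tr><td>' . $b['firstname'] . '</td><td>' . $b['lastname'] . '</td></tr>';
}

// Encode for the HTML body/attribute context at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored field is encoded before it reaches the page.
function render_row_safe(array $b): string
{
    return '<tr><td>' . e($b['firstname']) . '</td><td>' . e($b['lastname']) . '</td></tr>';
}

// Defence in depth at the reservation form: accept only letters, combining
// marks, spaces, apostrophes, dots and hyphens, 1 to 64 characters.
// This policy is an assumption, not something the advisory specifies.
function is_valid_name(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M}' .\\-]{1,64}$/u", $name) === 1;
}

// Compare the two renderings of the same stored row.
echo render_row_unsafe($booking), PHP_EOL; // markup is emitted as markup
echo render_row_safe($booking), PHP_EOL;   // markup is emitted as inert text

// The validator rejects the markup-bearing value and accepts the ordinary name.
var_dump(is_valid_name($booking['firstname']));
var_dump(is_valid_name($booking['lastname']));
```

Output encoding has to be applied in every view that prints the stored names, including the admin booking status page; the input check alone does not neutralize rows already in the database.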

