CVE-2025-57424
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-09-29
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hbi_consulting | mycourts | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1004 | The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) flaw in the MyCourts v3 application (vendor hbi_consulting), in the LTA number field of the user profile. An attacker who holds an ordinary account stores JavaScript in that field; because the value is written back into the page without HTML encoding (CWE-79), the script runs in the browser of every user who views the attacker's profile or the members directory, administrators included. Because the session cookies are not marked HttpOnly (CWE-1004), the injected script can read them through document.cookie and send them off-site, letting the attacker hijack the victim's session and, if the victim is an administrator, obtain administrative access or full account takeover. [1]
How can this vulnerability impact me? :
The injected script can steal the session cookies of anyone who views the poisoned profile, so an attacker can hijack those users' sessions and act as them: read and modify member data, change settings, and, with an administrator's session, take over administrative functions. Because the payload is stored, it fires for every viewer until the profile is cleaned, and a stolen cookie grants access without re-authentication for as long as the session remains valid. Both the confidentiality and the integrity of the application and its user data are compromised. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Test the LTA number field in the user profile for stored XSS, but only with the owner's authorization, against a test account, and preferably with a harmless canary rather than a cookie-reading payload. Submit a crafted value such as '><script>prompt(document.cookie)</script> (the payload reported for this issue) via a POST request to /my_profile_settings_process.asp, then open the profile or the members directory (/directory.asp) and check whether the value is emitted unencoded (the script executes, or the raw <script> tag appears in the page source) rather than HTML-encoded as &lt;script&gt;. With curl the POST looks like: curl -b 'session-cookie=...' --data-urlencode "LTA_number='><script>prompt(document.cookie)</script>" https://targetsite/my_profile_settings_process.asp. The request must carry an authenticated session cookie, --data-urlencode encodes the payload correctly (a plain -d does not), and the parameter name LTA_number is illustrative and should be taken from the application's actual profile form. Because the payload is stored, the POST alone proves nothing; the profile or directory page must be fetched and inspected afterwards. For ongoing detection, a Web Application Firewall (WAF) can flag XSS patterns in POST bodies to /my_profile_settings_process.asp, and monitoring for unexpected script execution or for outbound requests that carry document.cookie contents from profile pages can surface exploitation attempts. Confirm the second weakness directly as well: inspect the Set-Cookie headers of the login response for a session cookie that lacks the HttpOnly attribute. [1]
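The two checks described above (is the stored value reflected without HTML encoding, and do the session cookies lack HttpOnly) as an added Python example. This is not code from the page or from MyCourts: it runs against constructed sample HTML and Set-Cookie headers so it works offline; against a live system you would fetch /directory.asp and the login response with an authorized test account and pass the real body and headers in. The cookie names treated as session tokens and the sample table markup are assumptions.

```python
"""Detection helpers for a stored XSS in a profile field plus the HttpOnly check.

Added example, not MyCourts code. Sample pages and headers below are constructed.
"""
import html
import re

# A harmless canary instead of the live prompt(document.cookie) payload. The
# closing quote and angle bracket are what break out of the surrounding markup.
CANARY = "'\"><xss-canary-57424>"

# Constructed sample: a directory row that reflects the stored field verbatim.
VULNERABLE_PAGE = "<tr><td>Member 17</td>" f"<td class='lta'>{CANARY}</td></tr>"

# Constructed sample: the same row after HTML output encoding.
FIXED_PAGE = (
    "<tr><td>Member 17</td>"
    f"<td class='lta'>{html.escape(CANARY, quote=True)}</td></tr>"
)

# Constructed Set-Cookie headers as they might appear on a login response.
# The ASPSESSIONID* name is classic ASP's default; that MyCourts uses it is an assumption.
WEAK_COOKIES = [
    "ASPSESSIONIDQQRBTRCB=ABCDEFGHIJKLMNOP; path=/",
    "remember_me=1; path=/; HttpOnly",
]
HARDENED_COOKIES = [
    "ASPSESSIONIDQQRBTRCB=ABCDEFGHIJKLMNOP; path=/; Secure; HttpOnly; SameSite=Lax",
]


def canary_reflected_unescaped(page_html: str, canary: str = CANARY) -> bool:
    """True if the canary appears with its quotes and angle brackets intact,
    i.e. the field is emitted without HTML encoding. A page that only contains
    html.escape(canary) is encoding correctly and returns False."""
    return canary in page_html


def cookies_without_httponly(set_cookie_headers: list[str]) -> list[str]:
    """Names of cookies whose Set-Cookie header lacks HttpOnly.
    Attribute names are matched case-insensitively, as RFC 6265 requires."""
    missing = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            missing.append(name)
    return missing


def session_cookies_without_httponly(set_cookie_headers: list[str]) -> list[str]:
    """Same check restricted to cookies that look like session tokens.
    The name pattern is an assumption, not taken from MyCourts."""
    session_re = re.compile(r"^(ASPSESSIONID\w*|sessionid|sid|PHPSESSID)$", re.I)
    return [n for n in cookies_without_httponly(set_cookie_headers) if session_re.match(n)]


def assess(page_html: str, set_cookie_headers: list[str]) -> dict:
    """Combine both checks into the findings a report would carry."""
    return {
        "stored_xss_reflected": canary_reflected_unescaped(page_html),
        "session_cookies_without_httponly": session_cookies_without_httponly(set_cookie_headers),
    }


if __name__ == "__main__":
    print("vulnerable sample:", assess(VULNERABLE_PAGE, WEAK_COOKIES))
    print("fixed sample:     ", assess(FIXED_PAGE, HARDENED_COOKIES))
```

Checking for the raw canary rather than for script execution keeps the probe inert and makes the result a plain string match, which is what you want when the same check is scripted across many pages or re-run after the vendor patch to confirm the fix.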
What immediate steps should I take to mitigate this vulnerability?
The primary step is to upgrade MyCourts to the August 2025 release or later, which contains the fix. If the upgrade cannot be applied immediately, apply the same controls at the application layer: strict allow-list input validation so the LTA number field accepts only numeric input, and proper output encoding (HTML escaping) of all user-supplied data wherever profile fields are rendered, which is the control that actually removes the XSS. Set the HttpOnly attribute on the session cookies so injected script cannot read them; note that HttpOnly only blocks cookie theft, since script running in a victim's browser can still issue requests inside that session, so it is defence in depth rather than a fix. A strict Content Security Policy (CSP) that disallows inline scripts gives a second layer, and a Web Application Firewall (WAF) that blocks XSS patterns in requests to /my_profile_settings_process.asp can reduce exposure while the patch is rolled out. Finally, review existing profiles for already-stored payloads, since the upgrade does not necessarily remove data that was injected before it. [1]
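The controls listed above, shown in Python as an added example: this is not MyCourts code (MyCourts is a classic ASP application; the same controls apply there). It places the vulnerable rendering beside the hardened one so the payload quoted on this page can be run through both, and adds the input validation, the cookie flags and the CSP header. The digit-only pattern and the 1-12 digit length bound are assumptions about what an LTA number looks like, not taken from the vendor.

```python
"""Input validation, output encoding, cookie flags and CSP for the LTA-number field.

Added example, not MyCourts code. The LTA-number format is an assumption.
"""
import html
import re

# The payload quoted on the page for this CVE.
PAYLOAD = "'><script>prompt(document.cookie)</script>"

# Assumption: an LTA number is a short run of decimal digits.
LTA_NUMBER_RE = re.compile(r"^[0-9]{1,12}$")


def validate_lta_number(raw: str) -> str:
    """Allow-list validation at the input boundary (the profile-settings POST).
    Returns the normalised value or raises ValueError; nothing else gets stored."""
    value = raw.strip()
    if not LTA_NUMBER_RE.fullmatch(value):
        raise ValueError("LTA number must be 1-12 digits")
    return value


def is_rejected(raw: str) -> bool:
    """Convenience wrapper: True if validation refuses the value."""
    try:
        validate_lta_number(raw)
    except ValueError:
        return True
    return False


def render_lta_cell_vulnerable(lta_number: str) -> str:
    """The pattern behind the finding: the stored value is concatenated straight
    into the HTML of the profile or directory page."""
    return f"<td class='lta'>{lta_number}</td>"


def render_lta_cell(lta_number: str) -> str:
    """Output encoding for the HTML text context. Data that reached the database
    before validation was added is rendered inert instead of executed."""
    return f"<td class='lta'>{html.escape(lta_number, quote=True)}</td>"


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie value for the session token. HttpOnly denies document.cookie
    access; Secure and SameSite are the companion flags a practitioner sets."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def csp_header() -> str:
    """Content-Security-Policy that refuses inline scripts, so a <script> that
    slips past encoding somewhere is still blocked by the browser."""
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"


if __name__ == "__main__":
    print(render_lta_cell_vulnerable(PAYLOAD))   # script tag survives intact
    print(render_lta_cell(PAYLOAD))              # &lt;script&gt; ... shown as text
    print("payload rejected at input:", is_rejected(PAYLOAD))
    print("Set-Cookie:", session_cookie_header("ASPSESSIONIDQQRBTRCB", "ABCDEFGHIJKLMNOP"))
    print("Content-Security-Policy:", csp_header())
```

Validation and encoding are kept as separate functions on purpose: the first stops new payloads from being stored, the second neutralises anything already in the database and any other field that is rendered the same way, and neither depends on the other being in place.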