CVE-2025-11333
BaseFortify
Publication date: 2025-10-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langleyfcu | online_banking_system | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11333 is a cross-site scripting (XSS) vulnerability in the langleyfcu Online Banking System, specifically in the Add Customer Page component within the file /customer_add_action.php. The vulnerability occurs because the "First Name" input parameter is not properly escaped or neutralized before being included in the HTML output. This improper handling allows an attacker to inject malicious scripts that execute in the victim's browser when the input is reflected back, for example, during a database error. Remote attackers can exploit this by submitting crafted input to trigger script execution. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to execute malicious scripts in the context of your browser when interacting with the affected online banking system. This can lead to limited data integrity issues, such as manipulation of displayed information or execution of unauthorized actions within the user's session. However, exploitation requires authentication and user interaction, and the overall impact is considered low severity with a CVSSv3 base score of 2.4. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /customer_add.php page of the langleyfcu Online Banking System for cross-site scripting (XSS) by injecting script payloads such as `<script>alert(1)</script>` into the 'First Name' input field and observing whether the script executes. Additionally, vulnerable targets can be identified using Google dorking with the query `inurl:customer_add_action.php`. No specific network command is provided, but manual or automated web application testing tools can be used to submit crafted inputs to the affected page and monitor responses for script execution. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures have been published for this vulnerability. It is suggested to replace the affected component or product. Immediate steps include avoiding use of the vulnerable Add Customer Page component or applying input validation and proper HTML escaping on the 'First Name' input to prevent script injection. Monitoring for exploit attempts and restricting access to the vulnerable page may also help reduce risk until a fix is applied. [2]
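The two mitigation measures named above, input validation and HTML escaping of the 'First Name' value at the point of output, look like this in PHP. This is an added illustration written for this page, not code from the langleyfcu product or from the affected /customer_add_action.php file; the function names, the error-message wording and the name whitelist are assumptions chosen for the example.

```php
<?php
// Added illustration (not the vendor's code): encoding a reflected form value
// such as 'First Name' before it is echoed into an HTML page, e.g. inside a
// database-error message, and validating it on the way in.

declare(strict_types=1);

/**
 * Encode a string for safe insertion into HTML text or attribute content.
 * ENT_QUOTES covers both quote styles so the value is also safe inside
 * quoted attributes; ENT_SUBSTITUTE avoids returning an empty string on
 * invalid UTF-8; the explicit charset prevents encoding mismatches.
 */
function htmlEncode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Vulnerable pattern (CWE-79): the submitted name is concatenated into the
 * error page unchanged, so any markup in the input becomes part of the
 * document the browser parses.
 */
function renderErrorUnsafe(string $firstName): string
{
    return '<p>Could not add customer: ' . $firstName . '</p>';
}

/**
 * Hardened pattern: the same message, with the untrusted value encoded at the
 * point of output. Output encoding is what stops the injection; validation
 * below is defence in depth, not a substitute for it.
 */
function renderErrorSafe(string $firstName): string
{
    return '<p>Could not add customer: ' . htmlEncode($firstName) . '</p>';
}

/**
 * Allow-list check for a personal name (hypothetical policy for this example):
 * letters and combining marks in any script, spaces, hyphens and apostrophes,
 * 1 to 64 characters. Anything containing '<', '>', quotes or '&' is rejected.
 */
function isValidFirstName(string $firstName): bool
{
    return preg_match('/^[\p{L}\p{M}\' \-]{1,64}$/u', $firstName) === 1;
}

// Constructed sample input: the same probe payload the detection answer uses.
$sample = '<script>alert(1)</script>';

echo renderErrorUnsafe($sample), PHP_EOL;
echo renderErrorSafe($sample), PHP_EOL;
var_dump(isValidFirstName($sample));
var_dump(isValidFirstName('Anne-Marie'));
```

Run with `php example.php`. The unsafe renderer emits the `<script>` element verbatim, so a browser would execute it; the safe renderer emits `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as literal text. The validator rejects the probe and accepts an ordinary hyphenated name. In a real handler the validation failure should be reported through the same encoded path, since an error page that reflects the rejected value unencoded would reintroduce the original defect.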