CVE-2025-11333
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11333
EUVD
EUVD-2025-32170
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
langleyfcu online_banking_system *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11333 is a cross-site scripting (XSS) vulnerability in the langleyfcu Online Banking System, specifically in the Add Customer Page component within the file /customer_add_action.php. The vulnerability occurs because the "First Name" input parameter is not properly escaped or neutralized before being included in the HTML output. This improper handling allows an attacker to inject malicious scripts that execute in the victim's browser when the input is reflected back, for example, during a database error. Remote attackers can exploit this by submitting crafted input to trigger script execution. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing remote attackers to execute malicious scripts in the context of your browser when interacting with the affected online banking system. This can lead to limited data integrity issues, such as manipulation of displayed information or execution of unauthorized actions within the user's session. However, exploitation requires authentication and user interaction, and the overall impact is considered low severity with a CVSSv3 base score of 2.4. [1, 2]

Detection Guidance

This vulnerability can be detected by testing the /customer_add.php page of the langleyfcu Online Banking System for cross-site scripting (XSS) by injecting script payloads such as <script>alert(1)</script> into the 'First Name' input field and observing if the script executes. Additionally, vulnerable targets can be identified using Google dorking with the query: inurl:customer_add_action.php. There is no specific network command provided, but manual or automated web application testing tools can be used to submit crafted inputs to the affected page and monitor responses for script execution. [1, 2]

Mitigation Strategies

No known mitigations or countermeasures have been published for this vulnerability. It is suggested to replace the affected component or product. Immediate steps include avoiding use of the vulnerable Add Customer Page component or applying input validation and proper HTML escaping on the 'First Name' input to prevent script injection. Monitoring for exploit attempts and restricting access to the vulnerable page may also help reduce risk until a fix is applied. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11333. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart