CVE-2025-12298
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | simple_food_ordering_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12298 is a stored Cross-Site Scripting (XSS) vulnerability in the Simple Food Ordering System 1.0, specifically in the editcategory.php file. It occurs because the pname parameter is not properly sanitized or encoded before being stored and later displayed. This allows attackers to inject malicious JavaScript code that is permanently stored on the server and executed in the browsers of users who visit the affected page. The vulnerability arises during the update or edit functionality where user input is accepted and stored without adequate sanitization and later rendered without proper output encoding, enabling persistent script execution. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to session hijacking, account takeover, data theft, phishing attacks, malware distribution, defacement, and complete compromise of user accounts. It affects all major browsers and can cause significant security breaches, reputation damage, business disruption, and potential regulatory fines. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to regulatory fines under standards like GDPR due to data theft and unauthorized access resulting from session hijacking and account compromise. The presence of such a security flaw indicates non-compliance with data protection and security requirements mandated by regulations such as GDPR and HIPAA, which require adequate protection of user data and prevention of unauthorized access. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the 'pname' parameter in the 'editcategory.php' file for stored Cross-Site Scripting (XSS). You can send a POST request with a malicious payload such as `<script>alert(1)</script>` to the 'editcategory.php' endpoint and observe if the script executes when the page is reloaded or revisited. For example, using curl: `curl -X POST -F "pname=<script>alert(1)</script>" http://targetsite/editcategory.php` and then accessing the page to see if the alert box appears. Additionally, monitoring network traffic for suspicious script injections or checking server logs for unusual input in the 'pname' parameter can help detect exploitation attempts. Deploying a Web Application Firewall (WAF) with XSS detection rules can also aid in identifying attacks. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing context-aware output encoding such as using PHP's `htmlspecialchars` function when displaying user input to prevent script execution. Additionally, enforce strict Content Security Policy (CSP) headers with nonce or hash-based inline script restrictions to limit script execution. Validate inputs using whitelists for expected data types and lengths to reduce malicious input. Use security headers like X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection. Deploy Web Application Firewalls (WAF) to detect and block XSS attempts. Longer-term measures include adopting modern web frameworks with built-in XSS protections, conducting developer security training, automated security testing, and regular security audits. [1]