CVE-2025-14200
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-07
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14200
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alokjaiswal hotel-management-services-using-mysql-and-php *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a cross-site scripting (XSS) issue found in the /usersub.php file of the Request Pending Page component in the alokjaiswal Hotel-Management-services-using-MYSQL-and-php application. It allows an attacker to remotely inject malicious scripts by manipulating an unknown function, potentially leading to unauthorized script execution in the context of the affected web application.

Impact Analysis

The vulnerability can allow an attacker to execute malicious scripts in the user's browser, which may lead to session hijacking, defacement, or redirection to malicious sites. Although the impact on confidentiality and availability is rated low, the integrity of the application can be compromised, potentially affecting user trust and application behavior.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable file `/usersub.php` in the Hotel-Management-services-using-MYSQL-and-php application and testing for cross-site scripting (XSS) by injecting typical XSS payloads into inputs processed by this page. Additionally, attackers can identify vulnerable targets using Google dorking with queries like `inurl:usersub.php`. Specific commands to detect the vulnerability include using curl or wget to send crafted requests to `/usersub.php` with XSS payloads and observing if the payload is reflected unescaped in the response. For example: `curl -G --data-urlencode 'input=<script>alert(1)</script>' http://target/usersub.php` and checking the response for the script tag. Since a proof-of-concept exploit is publicly available, it can be used as a reference for detection techniques. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the affected component with an alternative product until a fix is available, as no vendor-provided mitigations or patches exist. Additionally, applying web application firewall (WAF) rules to filter and block malicious input targeting `/usersub.php` can help reduce risk. It is also advisable to sanitize and validate all user inputs on the server side to prevent XSS attacks. Monitoring and restricting access to the vulnerable page and educating users about the risks of interacting with untrusted inputs can further mitigate exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart