CVE-2025-41024
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-02-05

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows:Β  'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber' y 'regno' parameters in '/farm/farmprofile.php'.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-02-05
Generated
2026-05-06
AI Q&A
2026-01-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-41024
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nikhil-bhalerao poultry_farm_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-41024 is a Stored Cross-Site Scripting (XSS) vulnerability in Poultry Farm Management System version 1.0. It occurs because the system does not properly validate user input sent via POST requests to the '/farm/farmprofile.php' endpoint, specifically in parameters like 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber', and 'regno'. This allows an attacker with low privileges and requiring user interaction to inject malicious scripts into the application. [1]


How can this vulnerability impact me? :

This vulnerability can allow attackers to inject malicious scripts into the application, which can then be executed in the context of other users. This may lead to unauthorized actions, theft of sensitive information such as cookies or session tokens, and potentially compromise user accounts or the integrity of the system. Since it requires user interaction and low privileges, it can be exploited through social engineering or tricking users into submitting crafted input. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the '/farm/farmprofile.php' endpoint with POST requests containing malicious script payloads in the parameters 'companyaddress', 'companyemail', 'companyname', 'country', 'mobilenumber', and 'regno'. For example, you can use curl commands to send POST requests with script tags in these parameters and observe if the response reflects the injected script without proper sanitization. Example command: curl -X POST -d "companyname=<script>alert(1)</script>" https://target/farm/farmprofile.php -v. Monitoring web application logs for suspicious input patterns or alerts from web application firewalls (WAF) can also help detect exploitation attempts. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting user input by implementing proper input validation and sanitization on the server side for the affected parameters in '/farm/farmprofile.php'. Since no patch or solution is currently reported, consider applying web application firewall (WAF) rules to block malicious scripts in POST requests targeting these parameters. Additionally, limit user privileges to reduce the impact of potential exploitation and educate users to avoid interacting with suspicious content. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart