5.4 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Description
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victim's browser.
AI Analysis
A cross-site scripting (XSS) vulnerability in the ATSMS web application allows attackers to inject malicious scripts via the search-autootaxi.php endpoint, leading to session hijacking and unauthorized actions.
Basic Information
ID: CVE-2025-57145
Source: mitre
Published: Sep 16, 2025 at 00:00
Modified: Sep 16, 2025 at 18:32
Affected Product
Vendor: n/a
Product: n/a
Version: n/a
Affected Versions: n/a n/a n/a
CWE Classification
AI Assessment
AI Score: 5.4 / 10
AI Severity: MEDIUM
Vendor: ATSMS
Product: ATSMS Web Application
Version: n/a