Cross Site Scripting Vulnerability in Online Bike Rental by Code-Projects
CVE-2025-0339

5.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Online Bike Rental
Vendor
CVE Published:
9 January 2025

Summary

A cross site scripting vulnerability exists in the Online Bike Rental version 1.0 application. This issue is due to an insecure implementation in the HTTP GET Request Handler, specifically within the '/vehical-details.php' file. Attackers can exploit this vulnerability remotely to inject malicious scripts, potentially compromising user data and leading to unauthorized actions. Proper validation and sanitization of inputs are crucial to mitigate this risk.

Affected Version(s)

Online Bike Rental 1.0

References

https://vuldb.com/?id.290826
vdb-entry
https://vuldb.com/?ctiid.290826
signaturepermissions-required
https://vuldb.com/?submit.475731
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
.