Cross Site Scripting Vulnerability in Needyamin Library Card System
CVE-2025-0844

6.9MEDIUM

Key Information:

Vendor
Needyamin
Status
Library Card System
Vendor
CVE Published:
30 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A security flaw has been identified in the Needyamin Library Card System 1.0, specifically within the signup.php file of the Registration Page component. This vulnerability allows for cross site scripting (XSS) through manipulation of the firstname, lastname, email, and user_address parameters. The exploit can be executed remotely, posing a significant risk to users. Once disclosed, this vulnerability may expose systems to various attacks, highlighting the necessity for immediate attention and remediation to prevent potential exploits.

Affected Version(s)

Library Card System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-0844 - Proof of Concept

References

https://vuldb.com/?id.294001
vdb-entrytechnical-description
https://vuldb.com/?ctiid.294001
signaturepermissions-required
https://vuldb.com/?submit.485558
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

Maloy Roy Orko
MaloyRoyOrko (VulDB User)
.