Cross Site Scripting Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3825

4.8MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Web-based Pharmacy Product Management System
Vendor
CVE Published:
20 April 2025

Badges

👾 Exploit Exists

What is CVE-2025-3825?

A cross site scripting vulnerability exists in the SourceCodester Web-based Pharmacy Product Management System 1.0. This flaw is found in the add-category.php file, where improper handling of the 'txtcategory_name' argument allows attackers to inject malicious scripts. The nature of this vulnerability enables remote attackers to exploit it, potentially compromising user data and the integrity of the application. Prompt remediation is essential to safeguard against potential exploitation.

Affected Version(s)

Web-based Pharmacy Product Management System 1.0

References

https://vuldb.com/?id.305732
vdb-entrytechnical-description
https://vuldb.com/?ctiid.305732
signaturepermissions-required
https://github.com/yaklang/IRifyScanResult/blob/main/Web-...
exploit

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.