Cross Site Scripting Vulnerability in Campcodes Online Movie Theater Management System
CVE-2025-7840

5.1MEDIUM

Key Information:

Vendor

Campcodes

Status
Online Movie Theater Seat Reservation System
Vendor
CVE Published:
19 July 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7840?

A vulnerability exists in Campcodes Online Movie Theater Seat Reservation System 1.0 that allows attackers to exploit the Reserve Your Seat Page through cross site scripting. The flaw is within the /index.php?page=reserve file, where user input on the Firstname/Lastname fields can be manipulated to insert malicious scripts. This issue could be exploited remotely, presenting a significant risk to the security of the application and its users. Disclosed publicly, the vulnerability emphasizes the importance of thorough input validation to safeguard web applications from XSS attacks.

Affected Version(s)

Online Movie Theater Seat Reservation System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7840 - Proof of Concept

References

https://vuldb.com/?id.316941
vdb-entrytechnical-description
https://vuldb.com/?ctiid.316941
signaturepermissions-required
https://vuldb.com/?submit.617678
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-7840 : Cross Site Scripting Vulnerability in Campcodes Online Movie Theater Management System