CVE Catalog

CVE-2025-57145

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A stored XSS vulnerability in the search-autootaxi.php endpoint of the ATSMS web application. Improper input sanitization allows injection of arbitrary JavaScript, which is stored and executed when the report page is accessed.

Risk Assessment

Attackers can steal session cookies, hijack user sessions, and perform unauthorized actions in the victim's browser, compromising data confidentiality and integrity.

Recommendation

Implement input validation and sanitization for the form field, and apply output encoding (e.g., HTML entity encoding) for all data displayed on the report page.

Original NVD description (English source)

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS