CVE-2025-57145
low-risk
Published 2025-09-16
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application does not properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victim's browser.
Do I need to act?
EPSS score: 0.02% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 5.4/10 (Medium): NETWORK attack vector / LOW complexity
Affected Products (1)
Auto Taxi Stand Management System
Affected Vendors
References (4)
Not Applicable: http://auto.com
Product: http://phpgurukul.com
Third Party Advisory: https://github.com/nandanacp/CVE-Collection/blob/main/CVE-2025-57145/README.md
26 / 100 · low-risk
Severity: 21/34 · High
Exploitability: 0/34 · Minimal
Exposure: 5/34 · Minimal