Platform: php
Component: online-banking-system
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Online Banking System version 1.0. The flaw resides in the /?page=user endpoint and is triggered by manipulating the First Name and Last Name parameters. Successful exploitation lets an attacker inject script into the page, potentially compromising user sessions and data. A patch is available in version 1.0.1.
The XSS vulnerability in SourceCodester Online Banking System allows an attacker to inject arbitrary JavaScript into the application. That script executes in the context of a victim's browser session, which can lead to session hijacking, account takeover, and theft of sensitive information such as login credentials and financial data. An attacker could also redirect users to malicious sites or deface the online banking interface. Given the nature of an online banking application, the potential impact is significant: a compromised session can expose financial resources and personal data.
This vulnerability is publicly known and a proof-of-concept exploit is available, which increases the risk of exploitation. It was added to the NVD database on 2025-12-08. The LOW CVSS rating reflects the limited impact attributed to this XSS, but the public availability of an exploit still warrants prompt attention.
Organizations and individuals running SourceCodester Online Banking System version 1.0 are at risk. This includes any deployment that relies on this system for online banking operations, as well as its end users, whose accounts could be compromised through the injected script.
Detection checks (a match on the second command means the payload is reflected into the response without HTML encoding; the first only confirms the endpoint answers with an HTML content type):
• php / web:
curl -I 'https://example.com/?page=user&FirstName=<script>alert(1)</script>&LastName=<script>alert(1)</script>' | grep -i 'content-type'
• generic web:
curl -s 'https://example.com/?page=user&FirstName=<script>alert(1)</script>&LastName=<script>alert(1)</script>' | grep -i 'alert(1)'
References: disclosure, poc
Exploit status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-14221 is to upgrade to version 1.0.1 of SourceCodester Online Banking System immediately. If upgrading is not immediately feasible, implement input validation on the First Name and Last Name fields and, more importantly, HTML-encode those values wherever they are written into a page, so that injected markup is rendered as text rather than interpreted. A web application firewall (WAF) configured to detect and block common XSS payloads can provide a temporary layer of protection, but it is not a substitute for fixing the output encoding. Review and update rulesets regularly to keep them effective against evolving payloads.
Update Online Banking System to a patched version or discontinue its use. Implement input validation and sanitization on the 'First Name' and 'Last Name' fields to prevent injection of malicious code, and use an HTML escaping function when displaying those values.
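The following is an added illustration written for this page, not code from SourceCodester or the Online Banking System project: it shows the unescaped output pattern the advisory describes next to a hardened version that applies allow-list validation on input and HTML encoding on output. The record layout, field names, the e() and isValidName() helpers and the sample values are assumptions constructed for the example.

```php
<?php
// Added example (not the project's own code): vulnerable vs. hardened
// rendering of the First Name / Last Name profile fields.
declare(strict_types=1);

// Escape for an HTML text or attribute context. ENT_QUOTES encodes both
// quote styles so the value is also safe inside a quoted attribute;
// ENT_SUBSTITUTE prevents an empty string on invalid UTF-8 input.
function e(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allow-list validation at input time (assumed policy): letters, combining
// marks, spaces, apostrophes and hyphens, 1 to 60 characters. Anything else
// is rejected rather than "cleaned" by stripping tags.
function isValidName(string $value): bool
{
    return preg_match('/^[\p{L}\p{M} \'\-]{1,60}$/u', $value) === 1;
}

// VULNERABLE: the pattern the advisory describes. Untrusted profile data is
// concatenated straight into the response, so <script> is interpreted and a
// quote in the attribute value breaks out of the attribute.
function renderProfileVulnerable(array $user): string
{
    return '<p>Welcome, ' . $user['firstname'] . ' ' . $user['lastname'] . '</p>'
         . '<input name="firstname" value="' . $user['firstname'] . '">';
}

// HARDENED: every untrusted value passes through e() at the output point.
// Output encoding, not input filtering, is what makes the page safe.
function renderProfileSafe(array $user): string
{
    return '<p>Welcome, ' . e($user['firstname']) . ' ' . e($user['lastname']) . '</p>'
         . '<input name="firstname" value="' . e($user['firstname']) . '">';
}

// Constructed sample record imitating a malicious profile update:
// a text-context payload and an attribute-breakout payload.
$user = [
    'firstname' => '<script>alert(1)</script>',
    'lastname'  => 'Doe" onfocus="alert(2)" autofocus="',
];

echo "Validation (input side):\n";
foreach ($user as $field => $value) {
    printf("  %-10s %s\n", $field . ':', isValidName($value) ? 'accepted' : 'rejected');
}

echo "\nVulnerable output:\n" . renderProfileVulnerable($user) . "\n";
echo "\nHardened output:\n" . renderProfileSafe($user) . "\n";
```

Run with `php example.php`. Both sample values are rejected by the validator, and the hardened renderer emits `&lt;script&gt;alert(1)&lt;/script&gt;` and `Doe&quot; onfocus=&quot;alert(2)&quot; autofocus=&quot;`, so the browser shows the literal text instead of executing it. Keep both layers: validation limits what gets stored, but encoding at the output point is the control that holds even for values that entered the database before the fix.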
CVE-2025-14221 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Online Banking System version 1.0, allowing attackers to inject malicious scripts via the First Name and Last Name parameters of the /?page=user endpoint.
You are affected if you are using SourceCodester Online Banking System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. As a temporary workaround, validate the First Name and Last Name fields on input and HTML-encode them wherever they are displayed.
Yes, an exploit for CVE-2025-14221 is publicly available, indicating a potential for active exploitation.
Refer to the SourceCodester website or their official communication channels for the advisory regarding CVE-2025-14221.