Platform: php
Component: online-bike-rental
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability rated as problematic has been identified in Online Bike Rental version 1.0 (affected range 1.0 through 1.0). The flaw resides in the /vehical-details.php file, specifically in the HTTP GET request handler. Successful exploitation lets a remote attacker inject malicious scripts, potentially compromising user sessions and data integrity. The vulnerability is resolved in version 1.0.1.
The XSS vulnerability in Online Bike Rental allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a victim's browser when they visit the affected page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The impact is amplified if the application handles sensitive data or is integrated with other systems, as the attacker could potentially gain access to this data or use the compromised application as a launchpad for further attacks. While the CVSS score is LOW, the potential for user compromise and data theft remains a significant concern.
CVE-2025-0339 was publicly disclosed on 2025-01-09. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's LOW CVSS score suggests a lower probability of active exploitation, but diligent monitoring is still recommended. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.17% (38th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0339 is to upgrade Online Bike Rental to version 1.0.1 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the /vehical-details.php page to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update security rules to reflect the latest threat landscape.
Update to a patched version or apply the necessary security measures to prevent XSS injection. Properly validate and escape user input in the /vehical-details.php file, especially in the HTTP GET request handler. Implement a Content Security Policy (CSP) to mitigate XSS risks.
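The following PHP is an added illustration of the mitigation described above; it is not code from the Online Bike Rental project and does not reproduce the real /vehical-details.php handler. It models the general pattern the advisory describes (a GET-driven details page that reflects a request parameter into HTML) and places the unsafe reflection next to a hardened version that validates on input, encodes on output, and sends a CSP header. The parameter names `vid` and `note`, the helper names, and the page layout are assumptions.

```php
<?php
// Added example (not the Online Bike Rental project's own code). The request
// parameter names "vid" and "note" and the markup below are assumptions made
// for illustration; the real handler in /vehical-details.php is not shown.

declare(strict_types=1);

// --- Vulnerable pattern: raw reflection of a GET parameter into the HTML body ---
function renderVehicleDetailsUnsafe(array $get): string
{
    $vid  = $get['vid']  ?? '';
    $note = $get['note'] ?? '';
    // Whatever the client sends is written into the page as markup, so any
    // markup or script in the query string ends up executing in the victim's browser.
    return "<h1>Vehicle #" . $vid . "</h1><p>" . $note . "</p>";
}

// Output-encoding helper: escapes <, >, &, " and ' for HTML text and attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- Hardened pattern: validate on input, encode on output ---
function renderVehicleDetailsSafe(array $get): string
{
    // 1. Input validation: the vehicle identifier must be a positive integer.
    //    filter_var returns false for anything else, so malformed input never
    //    reaches the template at all.
    $vid = filter_var(
        $get['vid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($vid === false) {
        http_response_code(400);
        return '<p>Invalid vehicle id.</p>';
    }

    // 2. Free-text input cannot be validated down to a fixed format, so it is
    //    length-limited on input and always entity-encoded on output.
    $note = mb_substr((string) ($get['note'] ?? ''), 0, 200);

    return "<h1>Vehicle #" . e((string) $vid) . "</h1><p>" . e($note) . "</p>";
}

// 3. Defence in depth: a Content Security Policy that forbids inline script, so a
//    reflection bug that slips past encoding still cannot run injected code.
function sendCspHeader(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

// Constructed request values for a local run; in the real page $_GET is used instead.
$sample = ['vid' => '12', 'note' => 'Prefer a helmet <b>and</b> lock'];

sendCspHeader();
echo renderVehicleDetailsSafe($sample), PHP_EOL;
// The <b> tags in the note are rendered as literal text rather than interpreted as markup.
```

Run it from the command line with `php example.php` to see the encoded output (in CLI mode `header()` is a no-op). The order matters: validation rejects input that should never be processed, encoding makes whatever remains inert in its output context, and the CSP limits the damage if a later change reintroduces a raw echo.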
CVE-2025-0339 is a cross-site scripting (XSS) vulnerability affecting Online Bike Rental version 1.0 (affected range 1.0 through 1.0), allowing attackers to inject malicious scripts via the /vehical-details.php file.
You are affected if you are using Online Bike Rental version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 or later. As a temporary measure, implement input validation and output encoding on the /vehical-details.php page.
No active exploitation has been confirmed at this time, but diligent monitoring is recommended.
Refer to the Online Bike Rental project's official website or repository for the latest security advisories and updates.