Platform
php
Fixed in
1.0.1
CVE-2025-15214 describes a cross-site scripting (XSS) vulnerability discovered in Campcodes Park Ticketing System, specifically affecting version 1.0. This flaw allows attackers to inject malicious scripts into the system, potentially compromising user data and system integrity. The vulnerability resides within the savepricing function of the adminclass.php file and can be exploited remotely. A patch is expected to address this issue.
Successful exploitation of CVE-2025-15214 enables an attacker to inject arbitrary JavaScript code into the Park Ticketing System. This code can then be executed in the context of a user's browser when they interact with the affected page. The impact ranges from session hijacking and defacement to the theft of sensitive user data, such as login credentials or personal information. Because the vulnerability is remotely exploitable, attackers can target users without requiring local access to the system. The public availability of an exploit significantly increases the risk of widespread exploitation.
This vulnerability has been publicly disclosed and a proof-of-concept exploit is available, indicating a high probability of exploitation. The CVE was published on 2025-12-30. The CVSS score of 2.4 (LOW) reflects the relatively limited impact and ease of exploitation, but the public availability of the exploit warrants immediate attention. No KEV listing is currently available.
Exploit Status
EPSS
0.02% (5% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-15214 is to upgrade to a patched version of Campcodes Park Ticketing System as soon as it becomes available. Until a patch is applied, consider implementing input validation and output encoding on the name and ride parameters within the save_pricing function to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. Regularly review and update security configurations to minimize the attack surface.
Update to a patched version or apply the necessary security measures to prevent the execution of XSS (Cross-Site Scripting) code. Validate and sanitize user inputs in the save_pricing function of the admin_class.php file.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-15214 is a cross-site scripting (XSS) vulnerability affecting Campcodes Park Ticketing System version 1.0, allowing attackers to inject malicious scripts.
If you are using Campcodes Park Ticketing System version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as possible.
The recommended fix is to upgrade to a patched version of Campcodes Park Ticketing System. Until then, implement input validation and output encoding.
A proof-of-concept exploit is publicly available, indicating a high probability of active exploitation.
Please refer to the Campcodes website or security channels for the official advisory regarding CVE-2025-15214.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.