Platform
php
Component
my-cves
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability classified as problematic has been identified in code-projects Car Rental Management System version 1.0. The flaw allows attackers to inject malicious scripts by manipulating the pgdetails argument handled by the /admin/manage-pages.php file. Successful exploitation could lead to session hijacking or defacement of the administrative interface. The vulnerability is fixed in version 1.0.1.
The XSS vulnerability in Car Rental Management System allows an attacker to inject arbitrary JavaScript into the application. That script executes in the browser of whoever views the affected page, and because the page lives under /admin/, the victim is normally an authenticated administrator. The injected code therefore runs with the administrator's session: it can read session cookies (unless they are HttpOnly), redirect the user to a malicious site, alter the displayed content, or silently issue requests that modify data, create new users, or perform other privileged actions. The impact grows with how much sensitive data or critical functionality the administrative interface controls.
This vulnerability has been publicly disclosed, which increases the risk of exploitation. It is not listed in the CISA KEV catalog; its EPSS score is 0.14% (33rd percentile), a low predicted probability of exploitation in the wild. Public proof-of-concept exploits may circulate, lowering the effort needed to exploit it. The CVE was published on 2025-01-17.
Administrators of Car Rental Management System version 1.0 are at immediate risk. Any deployment in which several people use the same administrative interface is exposed, because the injected script runs in the browser of every administrator who views the affected page and can act in that person's session. The script executes inside the vulnerable application's origin; on a shared server it does not by itself reach other applications hosted on the same machine.
• wordpress / composer / npm:
grep -n "pgdetails" /var/www/html/admin/manage-pages.php
• generic web (run only against an instance you are authorised to test; add -b with a valid admin session cookie if the page requires login):
curl -s -i -G --data-urlencode "pgdetails=<script>alert('XSS')</script>" 'http://your-car-rental-system/admin/manage-pages.php' | grep -F "<script>alert('XSS')</script>"
A match means the value is reflected into the response without encoding; no match (the server returned it as &lt;script&gt;, or not at all) is the safe outcome. The URL must be quoted and the payload URL-encoded: an unquoted <script> is interpreted by the shell as a redirection, and a HEAD request (curl -I) returns no body to inspect.
Exploit status
EPSS
0.14% (33rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-0537 is to upgrade Car Rental Management System to version 1.0.1 or later, which contains the fix. If upgrading is not immediately feasible, apply strict input validation and context-appropriate output encoding to the pgdetails parameter in /admin/manage-pages.php, and consider a Web Application Firewall (WAF) with XSS rules in front of the admin interface as a stopgap; a WAF filters known payload patterns but does not correct the missing encoding. Review how user-supplied data is rendered throughout the application to prevent the same class of flaw from reappearing.
Update Car Rental Management System to a version later than 1.0, if one exists, that fixes the XSS vulnerability in the manage-pages.php file. If no fixed version is available, review, validate and output-encode the pgdetails parameter in manage-pages.php so that injected JavaScript cannot execute.
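The two rendering patterns below are an example added here, not code taken from code-projects or from Car Rental Management System; they show what "output encoding on the pgdetails parameter" means in PHP. The parameter name comes from the advisory, while the function names, the surrounding markup, the validation rule and the sample payload are assumptions, because the real source and sink inside manage-pages.php are not reproduced on this page.

```php
<?php
declare(strict_types=1);

// Added example, not the project's own code. The page-details value is assumed
// to arrive as the request parameter "pgdetails"; its real source and sink in
// manage-pages.php are not shown on the advisory page.

/**
 * Vulnerable pattern: request data concatenated straight into HTML.
 * Whatever the attacker places in pgdetails becomes live markup in the
 * administrator's browser.
 */
function renderPageDetailsUnsafe(string $pgdetails): string
{
    return '<div class="page-details">' . $pgdetails . '</div>';
}

/**
 * Hardened pattern: encode on output for the HTML body/attribute context.
 * ENT_QUOTES also encodes ' and ", so the value stays safe inside attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning "".
 */
function renderPageDetailsSafe(string $pgdetails): string
{
    $encoded = htmlspecialchars($pgdetails, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="page-details">' . $encoded . '</div>';
}

/**
 * Input validation in front of the sink (assumed rule): enforce a length limit
 * and reject control characters other than tab, LF and CR. This narrows what
 * gets stored but is not a substitute for output encoding, since legitimate
 * page text may contain < or &.
 */
function validatePageDetails(string $pgdetails, int $maxLength = 2000): bool
{
    if (mb_strlen($pgdetails, 'UTF-8') > $maxLength) {
        return false;
    }
    // \p{Cc} is the Unicode control-character category; the negated class
    // matches any control character except tab, LF and CR.
    return preg_match('/[^\P{Cc}\t\n\r]/u', $pgdetails) !== 1;
}

// Constructed sample input standing in for a crafted request (not a real
// exploit against any deployment): the classic probe payload.
$payload = "<script>alert('XSS')</script>";

echo "unsafe: " . renderPageDetailsUnsafe($payload) . PHP_EOL;
echo "safe:   " . renderPageDetailsSafe($payload) . PHP_EOL;

// Validation alone lets the probe through (markup is not a control character),
// which is exactly why the encoding step above is the one that matters.
var_dump(validatePageDetails($payload));
var_dump(validatePageDetails("abc\x00def"));
```

Run it with php example.php: the unsafe function returns the payload as live markup, while the safe one returns it with <, >, & and both quote characters replaced by entities, so a browser displays it as text. Output encoding is context-specific: htmlspecialchars() is correct for HTML body and attribute values, but a value placed inside a script block, a URL or inline CSS needs the encoding for that context. A Content-Security-Policy header on the admin pages limits the damage if an encoding is missed somewhere, but does not replace it.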
CVE-2025-0537 is a cross-site scripting (XSS) vulnerability in Car Rental Management System version 1.0 that allows attackers to inject malicious scripts via the pgdetails parameter of the /admin/manage-pages.php file.
You are affected if you are using Car Rental Management System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade Car Rental Management System to version 1.0.1 or later. Implement input validation and output encoding as a temporary workaround.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-0537.