CVE-2025-25776

Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.

CVSS

No CVSS.

References

Link	Resource
https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/	Product
https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25776	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:*:*:*:*:*:*:*

History

30 Apr 2025, 18:58

Type	Values Removed	Values Added
First Time		Codeastro bus Ticket Booking System Codeastro
CPE		cpe:2.3:a:codeastro:bus_ticket_booking_system:1.0:::::::*
References	~~() https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25776 -~~	() https://github.com/arunmodi/Vulnerability-Research/tree/main/CVE-2025-25776 - Exploit, Third Party Advisory
References	~~() https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/ -~~	() https://codeastro.com/bus-ticket-booking-system-in-php-codeigniter-with-source-code/ - Product

28 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-28 15:15

Updated : 2025-04-30 18:58

NVD link : CVE-2025-25776

Mitre link : CVE-2025-25776

JSON object : View

Products Affected

codeastro

bus_ticket_booking_system

CWE

No CWE.

JSON object

Attach tags to CVE-2025-25776

Attach tags to `CVE-2025-25776`