CVE-2025-11333

LOW

Langleyfcu Online Banking System - XSS

Title source: llm

Description

A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.327216

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.327216

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.664562

Various Sources exploit

https://github.com/mhszed/Report/blob/main/online-banking-system-mastercustomer_home.php%20xss1.docx

View Writeup ZIP pw:eip

Scores

CVSS v3 2.4

EPSS 0.0024

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

langleyfcu/Online Banking System 57437e6400ce0ae240e692c24e6346b8d0c17d7a

Published Oct 06, 2025

Tracked Since Feb 18, 2026