CVE-2025-14221

LOW

SourceCodester Online Banking System 1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-14221. PoCs published by fatmatrabelsi17.

AI-analyzed exploit summary: This repository contains a writeup describing a Stored Cross-Site Scripting (XSS) vulnerability in the User Profile Update functionality of the Online Banking System 1.0 by SourceCodester. The vulnerability allows arbitrary JavaScript execution when malicious input is injected into the First Name field.

Description

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross-site scripting. The attack can be launched remotely. The exploit is now public and may be used.

Exploits (1)

nomisec WRITEUP
by fatmatrabelsi17 · poc
https://github.com/fatmatrabelsi17/CVE-2025-14221

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Online Banking System 1.0
Auth required
Prerequisites: Access to a user account with profile update permissions
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.334663
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.334663
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.701624

Scores

CVSS v3 3.5
EPSS 0.0021
EPSS Percentile 10.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
oretnom23/banking_system 1.0
Published Dec 08, 2025
Tracked Since Feb 18, 2026