CVE-2025-14221

LOW

SourceCodester Online Banking System 1.0 - XSS

Title source: llm

Description

A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.

Exploits (1)

nomisec WRITEUP

by fatmatrabelsi17 · poc

https://github.com/fatmatrabelsi17/CVE-2025-14221

View Code ZIP pw:eip

References (5)

[Exploit] https://mega.nz/file/T4hjCagS#87U1JgRHZWzXW2HTpBIG-H9dJ_w9kUERmaaQqJyB5_Q

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.334663

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.334663

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.701624

[Product] https://www.sourcecodester.com/

Scores

CVSS v3 3.5

EPSS 0.0005

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

oretnom23/banking_system 1.0

Published Dec 08, 2025

Tracked Since Feb 18, 2026