CVE-2025-25776

MEDIUM

Codeastro Bus Ticket Booking System - XSS

Title source: rule

Description

A Cross-Site Scripting (XSS) vulnerability in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code by injecting it into the Full Name and Address fields during user registration or profile editing.

Scores

CVSS v3 5.0
EPSS 0.0009
EPSS Percentile 25.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
codeastro/bus_ticket_booking_system 1.0
Published Apr 28, 2025
Tracked Since Feb 18, 2026