CVE-2025-7840

LOW

Campcodes Online Movie Theater Seat Reservation System 1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-7840. PoCs published by byteReaper77.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-7840, an XSS vulnerability in a web application's reservation form. The exploit sends crafted GET requests to the vulnerable endpoint with malicious payloads in the 'Firstname' parameter.

Description

A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of the argument Firstname/Lastname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC 2 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-7840

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-7840, an XSS vulnerability in a web application's reservation form. The exploit sends crafted GET requests to the vulnerable endpoint with malicious payloads in the 'Firstname' parameter.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Unknown web application (reservation form endpoint)

No auth needed

Prerequisites: Target URL · libcurl development headers · argparse library for C

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.316941

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.316941

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.617678

Exploit, Third Party Advisory exploit issue-tracking

https://github.com/N1n3b9S/cve/issues/9

Product product

https://www.campcodes.com/

Scores

CVSS v3 3.5

EPSS 0.0033

EPSS Percentile 24.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

campcodes/online_movie_theater_seat_reservation_system 1.0

Published Jul 19, 2025

Tracked Since Feb 18, 2026