CVE-2025-57145

Name of the Vulnerable Software and Affected Versions ATSMS web application (affected versions not specified)

Description A cross-site scripting (XSS) issue exists in the search-autootaxi.php endpoint of the ATSMS web application. The application does not properly sanitize user input submitted through a form field, enabling an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This can allow attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions within the victim’s browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.