PT-2025-4070 · Unknown · Needyamin Library Card System
Maloy Roy Orko +1 · Published 2025-01-29 · Updated 2025-02-04 · CVE-2025-0844
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
needyamin Library Card System version 1.0
Description
An issue was found in the needyamin Library Card System. It affects unknown functionality in the file signup.php of the Registration Page component. Manipulating the arguments firstname, lastname, email, borrow, and user address leads to cross-site scripting. The attack can be launched remotely. Other parameters might be affected as well.
Recommendations
needyamin Library Card System version 1.0: Update the signup.php file in the Registration Page component to prevent manipulation of the firstname, lastname, email, borrow, and user address arguments, which leads to cross-site scripting.
Exploit
Fix
XSS
Code Injection
Affected Products
Needyamin Library Card System