CVE-2025-70890

Name of the Vulnerable Software and Affected Versions Cyber Cafe Management System version 1.0

Description A stored cross-site scripting (XSS) issue exists. An authenticated attacker can inject arbitrary JavaScript code into the username parameter through the ''/add-users.php'' endpoint. The injected code is saved and then runs in a victim’s browser when the affected page is viewed.

Recommendations Update Cyber Cafe Management System to a newer version that addresses this issue. As a temporary workaround, sanitize the username parameter input on the ''/add-users.php'' endpoint to prevent the injection of malicious scripts.