VYPR
Medium severity5.4NVD Advisory· Published Sep 16, 2025· Updated Jul 5, 2026

CVE-2025-57145

CVE-2025-57145

Description

A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ATSMS/ATSMS web applicationdescription
  • ATSMS/ATSMSllm-create

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.