Medium severity5.4NVD Advisory· Published Sep 16, 2025· Updated Jul 5, 2026
CVE-2025-57145
CVE-2025-57145
Description
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ATSMS/ATSMS web applicationdescription
Patches
Vulnerability mechanics
References
1- github.com/nandanacp/CVE-Collection/blob/main/CVE-2025-57145/README.mdnvdThird Party Advisory
News mentions
0No linked articles in our index yet.