CVE-2025-57145
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A stored XSS vulnerability in the search-autootaxi.php endpoint of the ATSMS web application. Improper input sanitization allows injection of arbitrary JavaScript, which is stored and executed when the report page is accessed.
Risk Assessment
Attackers can steal session cookies, hijack user sessions, and perform unauthorized actions in the victim's browser, compromising data confidentiality and integrity.
Recommendation
Implement input validation and sanitization for the form field, and apply output encoding (e.g., HTML entity encoding) for all data displayed on the report page.
Original NVD description (English source)
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victims browser.

