CVE-2025-10794

4.3 MEDIUM

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in PHPGurukul Car Rental Project 3.0: the 'autofocus' parameter of search.php is written back into the page without output encoding, so an attacker who gets a victim to open a crafted URL can run arbitrary JavaScript in that victim's browser, in the origin of the car rental site. It affects any organization running the vulnerable version of this car rental management software.

💻 Affected Systems

Products:
  • PHPGurukul Car Rental Project
Versions: Version 3.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, perform actions in the application as the victim (including as an administrator who opens the link), deface the page, redirect users to malicious sites, or use the trusted origin as a launching point for further browser-side attacks.

🟠

Likely Case

Attackers send crafted search.php links to users or administrators; if the session cookie is not marked HttpOnly the injected script can read it, and the attacker hijacks the account, potentially gaining administrative access to the car rental system. Even with HttpOnly set, the script can still issue requests as the victim while the page is open.

🟢

If Mitigated

With output encoding applied wherever the parameter is written into the page (and input validation in front of it), the injected markup is rendered as text instead of being executed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit exists and needs no account on the application. The attacker crafts a URL and has to get a victim to open it (this user-interaction requirement is why the score is medium rather than high); beyond that, attack complexity is low.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: https://phpgurukul.com/

Restart Required: No

Instructions:

Check the PHPGurukul website for security updates. If no patch is available, edit search.php so that the autofocus parameter is validated on input and HTML-encoded at every point where it is written into the response.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all platforms

Add server-side validation and output encoding for the autofocus parameter before it is written into the page.

Edit search.php to add: $autofocus = htmlspecialchars($_GET['autofocus'] ?? '', ENT_QUOTES, 'UTF-8');

Then use $autofocus, not the raw $_GET value, everywhere the parameter is echoed. htmlspecialchars() is sufficient only when the value lands in HTML text or a quoted attribute; if the value is inserted into a <script> block or a URL, that context needs its own encoding.

Content Security Policy

Applies to: all platforms

Send CSP headers that restrict where scripts may be loaded from, so an injected inline <script> or event handler is refused by the browser.

Add to .htaccess (requires mod_headers): Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to PHP, before any output is sent: header("Content-Security-Policy: default-src 'self'; script-src 'self'");

This policy also blocks the application's own inline scripts and inline event handlers, so test the site after enabling it; start with Content-Security-Policy-Report-Only to see what would break. CSP is defence in depth, not a replacement for fixing the encoding.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with XSS protection rules; treat this as a speed bump rather than a fix, since encoded and obfuscated payloads routinely bypass signature rules
  • Restrict access to the vulnerable endpoint using network segmentation or authentication, which limits who can be targeted with a crafted link

🔍 How to Verify

Check if Vulnerable:

Test by accessing: http://[target]/carrental/search.php?autofocus=<script>alert('XSS')</script> (the browser URL-encodes the angle brackets; that is expected) and check whether the alert dialog appears. A check that does not depend on browser behaviour: request the page with a harmless canary value containing quotes and angle brackets in the autofocus parameter, then look in the raw response for the canary with those characters still unencoded.

Check Version:

Check the README or documentation shipped with the project download, or the version recorded when the application was deployed. If the version cannot be determined, use the reflection test above to decide whether the deployment is vulnerable.

Verify Fix Applied:

After implementing fixes, repeat the same request and confirm that the payload comes back HTML-encoded (for example &lt;script&gt;) rather than executed, and that no quotes or angle brackets from the canary appear unencoded anywhere in the response.
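The canary-based check described above, as an added example; this is not code from the advisory or from PHPGurukul. It assumes the vulnerable page is reachable at <base_url>/search.php (the /carrental/ prefix from the test URL is passed in by the caller) and that the parameter name is autofocus. The two response bodies at the bottom are constructed stand-ins for a vulnerable and a fixed search.php, so the classifier can be exercised offline; probe() is the only function that touches the network.

```python
"""Reflection checker for the search.php autofocus parameter (added example)."""
import urllib.parse
import urllib.request

# A distinctive prefix followed by every character an HTML encoder must neutralize.
CANARY_PREFIX = "xsscanary"
SPECIALS = "\"'<>"
CANARY = CANARY_PREFIX + SPECIALS

# Encoded forms that count as "neutralized" for each special character
# (PHP htmlspecialchars with ENT_QUOTES emits &quot; &#039; &lt; &gt;).
ENCODINGS = {
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#039;", "&#39;", "&#x27;", "&apos;"),
    "<": ("&lt;", "&#60;", "&#x3c;"),
    ">": ("&gt;", "&#62;", "&#x3e;"),
}


def build_probe_url(base_url, canary=CANARY):
    """Return the search.php URL with the canary URL-encoded into autofocus."""
    query = urllib.parse.urlencode({"autofocus": canary})
    return base_url.rstrip("/") + "/search.php?" + query


def raw_specials(body):
    """Return the set of canary characters that are reflected without encoding.

    Every occurrence of the prefix is examined; a character counts as raw if
    it comes through unchanged in any reflection (attribute and text contexts
    may be encoded differently).
    """
    raw = set()
    start = 0
    while True:
        idx = body.find(CANARY_PREFIX, start)
        if idx < 0:
            return raw
        pos = idx + len(CANARY_PREFIX)
        for ch in SPECIALS:
            if body.startswith(ch, pos):
                raw.add(ch)
                pos += 1
                continue
            for enc in ENCODINGS[ch]:
                if body[pos:pos + len(enc)].lower() == enc:
                    pos += len(enc)
                    break
            else:
                break  # character stripped or rewritten: stop scanning this reflection
        start = idx + 1


def classify_reflection(body):
    """'absent' (not reflected), 'neutralized' (encoded/stripped) or 'unencoded' (vulnerable)."""
    if CANARY_PREFIX not in body:
        return "absent"
    return "unencoded" if raw_specials(body) else "neutralized"


def probe(base_url, timeout=10.0):
    """Fetch the probe URL and classify the live response (needs network access)."""
    with urllib.request.urlopen(build_probe_url(base_url), timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body), sorted(raw_specials(body))


# Constructed responses (not captured from a real install) for offline testing.
VULNERABLE_BODY = '<input type="text" name="autofocus" value="' + CANARY + '">'
FIXED_BODY = '<input type="text" name="autofocus" value="xsscanary&quot;&#039;&lt;&gt;">'
PARTIAL_BODY = '<p>Results for xsscanary&quot;&#039;<></p>'  # quotes encoded, brackets raw


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1/carrental"
    print(build_probe_url(target))
    print(probe(target))
```

A result of "unencoded" with any character in the raw set means the page is vulnerable in at least one context; PARTIAL_BODY shows the case where quotes are encoded but angle brackets are not, which is still exploitable in text context.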

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /carrental/search.php with script tags or JavaScript in parameters; in access logs these normally appear URL-encoded (%3Cscript%3E rather than <script>), so decode the query string before matching
  • Unusual parameter values containing <script>, javascript:, event-handler attributes such as onerror=, or double-encoded payloads (%253C)

Network Indicators:

  • HTTP requests with suspicious autofocus parameter values
  • Outbound connections to unknown domains following visits to search.php

SIEM Query:

source="web_logs" AND uri_path="/carrental/search.php" AND (query_string="*<script*" OR query_string="*%3Cscript*" OR query_string="*javascript:*" OR query_string="*javascript%3A*" OR query_string="*onload=*" OR query_string="*onload%3D*" OR query_string="*onerror=*" OR query_string="*onerror%3D*")

Match case-insensitively, and if the SIEM can URL-decode the query string before matching, do that instead of enumerating encoded variants.
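The decode-then-match approach behind that query, as an added example rather than anything from the advisory: a scanner for combined-format access log lines that URL-decodes each parameter repeatedly (so double-encoded payloads are caught) before testing it for XSS markers. The log lines at the bottom are constructed, and the path /carrental/search.php is taken from the advisory's test URL.

```python
"""Scan access-log lines for XSS payloads aimed at search.php (added example)."""
import re
import urllib.parse

# Apache/nginx combined format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers worth alerting on once the value has been decoded.
MARKERS = re.compile(
    r"<\s*script|javascript\s*:|on(?:load|error|click|mouseover|focus)\s*=|<\s*(?:img|svg|iframe|body)\b",
    re.IGNORECASE,
)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Split a combined-format line into ip, timestamp, path, status and query params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": path,
        "status": int(m.group("status")),
        "params": urllib.parse.parse_qs(query, keep_blank_values=True),
    }


def suspicious_params(line, path="/carrental/search.php"):
    """Return [(param, decoded_value)] for values that match an XSS marker."""
    rec = parse_line(line)
    if rec is None or rec["path"] != path:
        return []
    hits = []
    for name, values in rec["params"].items():
        for value in values:
            decoded = decode_fully(value)
            if MARKERS.search(decoded):
                hits.append((name, decoded))
    return hits


def scan_log(lines, path="/carrental/search.php"):
    """Return one record per line that carries a suspicious parameter."""
    findings = []
    for line in lines:
        hits = suspicious_params(line, path)
        if hits:
            rec = parse_line(line)
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "hits": hits})
    return findings


# Constructed log lines: a benign search, a single-encoded <script>, a
# double-encoded <img onerror>, and the same kind of payload against a page
# that is out of scope for this rule.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2025:10:01:02 +0000] "GET /carrental/search.php?autofocus=Toyota HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Sep/2025:10:02:10 +0000] "GET /carrental/search.php?autofocus=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5210',
    '203.0.113.7 - - [10/Sep/2025:10:02:31 +0000] "GET /carrental/search.php?autofocus=%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 5230',
    '203.0.113.9 - - [10/Sep/2025:10:03:00 +0000] "GET /carrental/index.php?q=%3Cscript%3E HTTP/1.1" 200 4000',
]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ts"], finding["ip"], finding["hits"])
```

Every parameter on the page is checked, not only autofocus, because an attacker probing this endpoint will try neighbouring parameters as well; the decoded value is kept in the finding so the analyst sees the payload rather than its encoded form.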
