CVE-2025-2061

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into the Online Ticket Reservation System 1.0 via the 'name' parameter in passenger.php. When users view affected pages, these scripts execute in their browsers, potentially stealing session cookies or redirecting to malicious sites. Anyone using this specific software version is affected.

💻 Affected Systems

Products:
  • code-projects Online Ticket Reservation System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with passenger.php accessible and the name parameter exposed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator session cookies, gain full system control, deface websites, or redirect users to phishing/malware sites.

🟠 Likely Case

Session hijacking of regular users, credential theft, or defacement of public-facing pages.

🟢 If Mitigated

Minimal impact if proper input validation and output encoding are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making attacks easy to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

No official patch available. Implement input validation and output encoding in passenger.php.

🔧 Temporary Workarounds

Input Validation Filter

all

Sanitize the name parameter server-side in passenger.php. The call below HTML-encodes the value, so apply it to the value that passenger.php writes into the page.

Edit passenger.php to add: $name = htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8');

WAF Rule

all

Deploy web application firewall rules to block XSS payloads in name parameter

Add WAF rule: Detect and block patterns like <script>, javascript:, onload= in name parameter

🧯 If You Can't Patch

  • Disable or restrict access to passenger.php if not essential
  • Implement Content Security Policy (CSP) headers to mitigate script execution

🔍 How to Verify

Check if Vulnerable:

Test by submitting <script>alert('XSS')</script> in the name parameter of passenger.php and check whether the script executes.

Check Version:

Check software documentation or about page for version information

Verify Fix Applied:

Repeat the test payload; script should not execute and special characters should be properly encoded.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long strings in the name parameter
  • Script tags or JavaScript patterns in passenger.php requests

Network Indicators:

  • HTTP requests to passenger.php with encoded script payloads in parameters

SIEM Query:

source="web_logs" AND uri="*passenger.php*" AND (param="*<script>*" OR param="*javascript:*" OR param="*onload=*")
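
The query above matches literal strings, so it does not fire on the encoded payloads listed under Network Indicators. The following added example (not part of the original advisory) decodes the name parameter before matching; it assumes each log record exposes the request URI and the raw form body, and the record layout, function names and length threshold are assumptions.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# The three patterns named in the advisory's WAF rule and SIEM query,
# matched case-insensitively and tolerant of inserted whitespace.
PATTERNS = re.compile(r"<\s*script|javascript\s*:|onload\s*=", re.IGNORECASE)
MAX_NAME_LEN = 100  # assumed cut-off for an "unusually long" name

def normalise(value, rounds=3):
    """Undo nested URL encoding and HTML entities before matching."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def check_request(uri, body=""):
    """Return the reasons a request to passenger.php looks suspicious."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("passenger.php"):
        return []
    reasons = []
    # parse_qsl decodes one layer; normalise() removes any further layers.
    for key, value in parse_qsl(parts.query) + parse_qsl(body):
        if key != "name":
            continue
        value = normalise(value)
        if PATTERNS.search(value):
            reasons.append("script pattern")
        if len(value) > MAX_NAME_LEN:
            reasons.append("long value")
    return reasons

# Constructed sample records: (request URI, raw form body).
SAMPLES = [
    ("/passenger.php", "name=Alice+Smith&seat=12A"),
    ("/passenger.php", "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("/passenger.php", "name=%253CScRiPt%253Ealert(1)"),
    ("/passenger.php?name=%3Cbody+onload%3Dalert(1)%3E", ""),
    ("/index.php", "name=%3Cscript%3E"),
    ("/passenger.php", "name=" + "A" * 500),
]

if __name__ == "__main__":
    for uri, body in SAMPLES:
        print(uri, check_request(uri, body))
```
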
