CVE-2025-65215

6.1 MEDIUM

📋 TL;DR

This CVE describes a stored cross-site scripting (XSS) vulnerability in the Sourcecodester Web-based Pharmacy Product Management System v1.0. Attackers can inject malicious scripts via the Supplier Name field in the product expiry module, which executes when other users view the supplier data. Organizations using this specific software version are affected.

💻 Affected Systems

Products:
  • Sourcecodester Web-based Pharmacy Product Management System
Versions: v1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation. Any deployment using the vulnerable version is affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, hijack accounts, deface the application, or redirect users to malicious sites, potentially leading to complete system compromise.

🟠 Likely Case

Attackers inject malicious scripts to steal session cookies or credentials from authenticated users, enabling unauthorized access to the pharmacy management system.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be neutralized, preventing any client-side execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the supplier management functionality, typically requiring authentication. The vulnerability is simple to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. If a patch is available, download and apply it following the vendor's instructions.
3. Test functionality after patching.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Implement server-side validation and HTML encoding for the Supplier Name field.

Modify /product_expiry/add-supplier.php to sanitize input using htmlspecialchars() or similar functions.
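The workaround above relies on HTML encoding so that a stored supplier name is rendered as inert text. The block below is an added example, not code from the Sourcecodester project (which is written in PHP): it uses Python's html.escape(), the equivalent of PHP's htmlspecialchars($s, ENT_QUOTES), and places a vulnerable row template beside the hardened one so the difference in output is visible. The row template, the form field name and the allow-list validation rule are assumptions made for this illustration.

```python
"""Output encoding for a stored Supplier Name value (added example, Python
equivalent of the htmlspecialchars() workaround; not the vendor's code)."""
import html
import re

# Constructed sample: the value an attacker stored through the Supplier Name field.
STORED_PAYLOAD = "<script>alert('XSS')</script>"

# Server-side allow-list assumed for this example: letters, digits, spaces and a
# few punctuation marks a real supplier name might carry, bounded at 100 chars.
_NAME_RE = re.compile(r"^[\w .,&'()-]{1,100}$")


def validate_supplier_name(name: str) -> bool:
    """Return True only if the name matches the allow-list (input validation step)."""
    return bool(_NAME_RE.fullmatch(name))


def render_supplier_row_unsafe(name: str) -> str:
    """Vulnerable pattern: the stored value is concatenated straight into HTML,
    in both an element-text context and an attribute-value context."""
    return f'<tr><td>{name}</td><td><input value="{name}"></td></tr>'


def render_supplier_row(name: str) -> str:
    """Hardened pattern: escape on output. html.escape(quote=True) encodes
    & < > " and ', the same set as htmlspecialchars() with ENT_QUOTES, so the
    value is inert in both the text and the attribute context."""
    safe = html.escape(name, quote=True)
    return f'<tr><td>{safe}</td><td><input value="{safe}"></td></tr>'


def store_supplier(name: str, table: list) -> bool:
    """Simulated save path: reject names that fail validation, store the rest
    unmodified (encoding belongs at output time, not at storage time)."""
    if not validate_supplier_name(name):
        return False
    table.append(name)
    return True


if __name__ == "__main__":
    print("unsafe :", render_supplier_row_unsafe(STORED_PAYLOAD))
    print("encoded:", render_supplier_row(STORED_PAYLOAD))
    print("validates:", validate_supplier_name(STORED_PAYLOAD))
```

Encoding on output (rather than only when saving) is the design choice to note: it protects every page that renders the column, including ones added later, and it leaves the stored data intact for non-HTML consumers such as exports or reports.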

Content Security Policy (applies to: all)

Implement CSP headers to restrict script execution.

Add header: Content-Security-Policy: default-src 'self'; script-src 'self'

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in the Supplier Name parameter
  • Restrict access to the /product_expiry/ directory to authorized users only and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Test by entering <script>alert('XSS')</script> in the Supplier Name field and check whether the script executes when viewing the supplier list.

Check Version:

Check the software version in the admin panel or readme files

Verify Fix Applied:

Test the same payload after implementing the fixes; the script should not execute and should appear as plain text.

📡 Detection & Monitoring

Log Indicators:

  • Unusual supplier names containing script tags or JavaScript code
  • Multiple failed login attempts followed by supplier creation

Network Indicators:

  • HTTP requests to /product_expiry/add-supplier.php with script tags in parameters
  • Outbound connections to suspicious domains from the application

SIEM Query:

source="web_server" AND uri="/product_expiry/add-supplier.php" AND (param="supplier_name" AND value MATCHES "<script.*>.*</script>")
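The SIEM query above matches a literal script tag in the parameter value. The block below is an added example, not part of the original advisory or the vendor's product, that runs the same idea over constructed log records. It assumes the web server logs the URL-encoded body of POST requests to add-supplier.php (in the sample lines, as a fourth space-separated field) and that the form field is named supplier_name. Two details matter in practice and are handled here: a browser submits the form percent-encoded, so the pattern must be applied after URL decoding, and the match is made case-insensitive so an upper-case tag is not missed.

```python
"""Detection logic for stored-XSS attempts against add-supplier.php, run over
constructed log lines (added example, not the advisory's or vendor's code)."""
import re
from urllib.parse import parse_qs

TARGET_URI = "/product_expiry/add-supplier.php"
PARAM = "supplier_name"  # assumed form field name

# Same intent as the page's "<script.*>.*</script>", but case-insensitive, with
# non-greedy quantifiers so one match does not swallow unrelated text.
SCRIPT_RE = re.compile(r"<script.*?>.*?</script>", re.IGNORECASE | re.DOTALL)

# The page's pattern applied literally, used below to show why decoding is needed.
RAW_RE = re.compile(r"<script.*>.*</script>")

# Constructed sample records: "<client ip> <method> <uri> <url-encoded body>"
SAMPLE_LOG = [
    "10.0.0.5 POST /product_expiry/add-supplier.php supplier_name=Acme+Pharma&contact=12345",
    "10.0.0.9 POST /product_expiry/add-supplier.php "
    "supplier_name=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&contact=1",
    "10.0.0.9 POST /product_expiry/add-supplier.php "
    "supplier_name=%3CSCRIPT%3Ealert%28%27XSS%27%29%3C%2FSCRIPT%3E&contact=1",
    "10.0.0.7 GET /product_expiry/index.php ",
]


def parse_record(line: str):
    """Split one constructed record into (ip, method, uri, body); None if malformed."""
    parts = line.split(" ", 3)
    if len(parts) < 4:
        return None
    return tuple(parts)


def detect_supplier_xss(lines):
    """Return one alert per request whose decoded supplier_name holds a script tag."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ip, method, uri, body = rec
        if uri != TARGET_URI:
            continue
        # parse_qs percent-decodes values and turns '+' back into spaces.
        fields = parse_qs(body, keep_blank_values=True)
        for value in fields.get(PARAM, []):
            if SCRIPT_RE.search(value):
                alerts.append({"ip": ip, "method": method, "value": value})
    return alerts


def raw_match_count(lines) -> int:
    """How many raw (still URL-encoded) lines the literal page pattern would flag."""
    return sum(1 for line in lines if RAW_RE.search(line))


if __name__ == "__main__":
    for alert in detect_supplier_xss(SAMPLE_LOG):
        print(f"ALERT {alert['ip']} {alert['method']} supplier_name={alert['value']!r}")
    print("raw-pattern hits on encoded lines:", raw_match_count(SAMPLE_LOG))
```

When porting this back into a SIEM, apply the decode step (or query a field the collector has already decoded) before the regex, and pair the rule with the log indicator listed above: a request that matches here and is immediately followed by views of the supplier list is the sequence worth escalating.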
