CVE-2025-60280 - Reflected Cross-Site Scripting (XSS) in Bang Resto v1.0

Summary

CVE ID: CVE-2025-60280
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Severity: Medium
CVSS Score: 6.1 (Estimated)
Date Published: October 13, 2025
Discovered by: Debug Security
Affected Product: Bang Resto v1.0
Vendor Confirmation: ✅ Yes

Vulnerability Description
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Bang Resto v1.0, a web-based restaurant management system. The flaw lies in the handling of the itemName parameter: the application fails to sanitize or encode its value before rendering it on the page.

Attackers can exploit this vulnerability to inject arbitrary JavaScript code, potentially leading to:

  • Session hijacking
  • Phishing attacks
  • Malicious redirections
  • User impersonation
  • Website defacement

This vulnerability has been assigned CVE-2025-60280 by MITRE.

Proof of Concept (PoC)

A simple payload can trigger the vulnerability as follows:

curl -k -b cookies.txt -X POST 'https://192.168.1.74/bangresto/admin/menu.php' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data 'addItem=&itemName=pHqghUme--><ScRiPt%20>alert('\''XSS'\'')</ScRiPt><!--&itemPrice=1&menuID=1' \
  -s -o resp.html

When the server's response is rendered in the victim’s browser, the injected JavaScript executes, demonstrating a successful reflected XSS attack.

🔍 Technical Analysis

The vulnerability stems from a lack of input validation and insufficient output encoding of the itemName parameter: the submitted value is written back into the HTML response without being escaped, so any markup it contains is interpreted by the browser.

Recommendations

  • Validate and sanitize all user inputs on both client and server sides.
  • Use output encoding libraries such as OWASP’s Java Encoder or PHP’s htmlspecialchars().
  • Implement Content Security Policy (CSP) headers to reduce script execution risks.
  • Monitor logs for unusual parameter usage.
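The following is an added example, not Bang Resto's own code, illustrating the defect described under Technical Analysis and the first three recommendations above. It contrasts an unencoded echo of itemName with a hardened handler that validates the value server-side, encodes it with PHP's htmlspecialchars() at output time, and sends a Content Security Policy header. The field names (addItem, itemName) follow the advisory; the function names, the allowed-character policy and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not Bang Resto's own code): a minimal menu.php-style handler
// showing the unsafe reflection of itemName and a hardened version.
declare(strict_types=1);

// Vulnerable pattern: the submitted value is concatenated into HTML unchanged,
// so tags and event handlers inside itemName are interpreted by the browser.
function render_item_vulnerable(string $itemName): string
{
    return '<td>' . $itemName . '</td>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES escapes both ' and " (required inside attributes); ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of silently returning an empty string.
function render_item_safe(string $itemName): string
{
    $encoded = htmlspecialchars($itemName, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<td>' . $encoded . '</td>';
}

// Server-side validation (assumed policy): a menu item name may contain letters,
// digits, spaces and a few punctuation characters, and is bounded in length.
function validate_item_name(string $itemName): bool
{
    return (bool) preg_match('/^[\p{L}\p{N} .,&\'()-]{1,64}$/u', $itemName);
}

// Defense in depth: a CSP that forbids inline scripts, so a future encoding slip
// does not execute attacker-controlled JavaScript in the admin's browser.
function send_csp_header(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['addItem'])) {
    send_csp_header();   // headers must be sent before any output
    $itemName = (string) ($_POST['itemName'] ?? '');
    if (!validate_item_name($itemName)) {
        http_response_code(400);
        exit('Invalid item name');
    }
    echo '<table><tr>' . render_item_safe($itemName) . '</tr></table>';
}

// Constructed sample input (not the advisory's payload) to show the difference
// when this file is run from the command line: php menu_example.php
if (PHP_SAPI === 'cli') {
    $sample = 'Burger <script>alert(1)</script>';
    echo render_item_vulnerable($sample), PHP_EOL; // <td>Burger <script>alert(1)</script></td>
    echo render_item_safe($sample), PHP_EOL;       // <td>Burger &lt;script&gt;alert(1)&lt;/script&gt;</td>
    var_dump(validate_item_name($sample));         // bool(false): '<' and '>' are rejected
}
```

Validation and encoding address different things: the allow-list rejects names that have no business containing markup, while htmlspecialchars() guarantees that whatever is accepted is rendered as text. Keep both, and apply the encoding for the context the value lands in (an attribute or a JavaScript string would need different treatment than the HTML body shown here).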

🔗 References

About the Researcher

This vulnerability was discovered by Debug Security, an independent security researcher focused on web application vulnerabilities and responsible disclosure.
