Description

Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly in the browser. When exploited, an attacker can steal session cookies, redirect users to malicious sites, perform actions on behalf of the user, or deface the website. This can lead to user data compromise, loss of user trust, and a broader attack surface for more advanced exploitation techniques.

INFO

Published Date :

2025-10-21T00:00:00.000Z

Last Modified :

2025-10-21T16:03:02.875Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60280 vulnerability.

Vendors Products
Hockeycomputindo
  • Bang Resto
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60280.

URL Resource
https://github.com/debug-security/CVE/tree/main/CVE-2025-60280 cve-icon cve-icon
https://vwrap.live/stored-xss-in-bangresto cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact