Description
A stored cross-site scripting (XSS) vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the affected page is accessed.
References
https://github.com/efekaanakkar/Cyber-Cafe-Management-System-CVEs/tree/main/CVE-2025-70890
ExploitMitigationThird Party Advisory
Weaknesses
134c704f-9b21-4f2e-91b3-4a467353bcc0
Secondary
CWE-79
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
Information
Source identifier
Vulnerability status
Analyzed
Published
2026-01-15T21:16:04.733Z
1 month agoLast modified
2026-01-22T16:01:53.427Z
4 weeks ago