cvedb.io
CVE-2025-60280
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-10-21T16:15:38.257 · Last modified 2026-06-17T09:49:38.063

Summary

Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly in the browser. When exploited, an attacker can steal session cookies, redirect users to malicious sites, perform actions on behalf of the user, or deface the website. This can lead to user data compromise, loss of user trust, and a broader attack surface for more advanced exploitation techniques.

Affected products

hockeycomputindo — bang_resto

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.