anonhaven
Ad

CVE-2025-15214

MEDIUM CVSS 4.0: 4.8 EPSS 0.02%
Updated Jan 07, 2026
Campcodes
Parameter Value
CVSS 4.8 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS)), CWE-94 (Code Injection)
Vendor Campcodes
Public PoC No

A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting.

The attack may be performed from remote. The exploit has been made public and could be used.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
High
Admin privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)
CWE-94 Code Injection

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Campcodes Park_Ticketing_System
cpe:2.3:a:campcodes:park_ticketing_system:1.0:*:*:*:*:*:*:*

References 6

https://github.com/dobkill/CVE/issues/2
cna@vuldb.com
https://vuldb.com/?ctiid.338599
cna@vuldb.com
https://vuldb.com/?id.338599
cna@vuldb.com
https://vuldb.com/?submit.725104
cna@vuldb.com
https://vuldb.com/?submit.728898
cna@vuldb.com
https://www.campcodes.com/
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5546

Campcodes

5.3

CVE-2026-0597

Campcodes

5.3

CVE-2025-15404

Campcodes

5.3

CVE-2025-15207

Campcodes

6.9

CVE-2025-15206

Campcodes

6.9