CVE-2025-13178

Medium CVSS: 5.1

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Bdtask

Product

Saleserp

CWE

CWE-74

Yayın Tarihi

2025-11-14 19:15:58

Güncelleme

2025-11-24 13:57:19

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Saleserp MEDIUM Bdtask 2025

Referanslar

https://github.com/4m3rr0r/PoCVulDb/issues/2 https://vuldb.com/?ctiid.332468 https://vuldb.com/?id.332468 https://vuldb.com/?submit.684820 https://github.com/4m3rr0r/PoCVulDb/issues/2

Benzer Kayıtlar

High

CVE-2019-25505

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries…

Medium

CVE-2026-1599

A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected ele…

Medium

CVE-2026-1600

A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted ele…

Medium

CVE-2026-1598

A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknow…

Medium

CVE-2026-1597

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the comp…

Medium

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, cu…