CVE-2025-63883

Medium CVSS: 5.4

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks (innerHTML/insertAdjacentHTML/document.write) without proper sanitization or context-aware encoding. An attacker can craft a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim's browser under the electic-shop origin.

Vendor

Bhabishya-123

Product

E-commerce

CWE

CWE-79

Yayın Tarihi

2025-11-18 15:16:36

Güncelleme

2026-02-04 20:42:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 E-commerce MEDIUM Bhabishya-123 2025

Referanslar

https://github.com/minhajultaivin/security-advisories/blob/main/CVE-2025-63883.md

Benzer Kayıtlar

Medium

CVE-2025-15582

A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update…

Medium

CVE-2025-15583

A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file uti…

Medium

CVE-2026-2164

A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the f…

Medium

CVE-2026-2165

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/asset…