CVE-2025-15583

CVSS v3: 3.5 (LOW)
CVSS v2: 4 (MEDIUM)
Affected: 2 projects

Description

A weakness has been identified in detronetdip E-commerce 1.0.0. It affects the function get_safe_value in the file utility/function.php. Manipulating its input can lead to cross-site scripting (XSS). The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

A multivendor ecommerce website with admin panel, seller panel and deliveryboy panel
A High-severity (7.6) Stored XSS vulnerability. The system uses mysqli_real_escape_string for sanitization, which fails to stop HTML injection. Attackers can inject malicious scripts into product fields to steal administrator session cookies and perform account takeovers.
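Why SQL escaping does not stop HTML injection, shown as an added example that is not code from the affected project. The function names are hypothetical, the input strings are constructed, and `sql_escape_stand_in()` mimics the character set that `mysqli_real_escape_string` escapes so the script runs without a database connection.

```php
<?php
// Added illustration; not code from the detronetdip E-commerce repository.

// Stand-in for mysqli_real_escape_string(), which needs a live connection.
// It escapes the same characters: NUL, \n, \r, backslash, ', " and Ctrl-Z.
function sql_escape_stand_in(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ]);
}

// Hypothetical sanitizer in the style the report describes: SQL escaping only.
function sanitize_sql_only(string $input): string
{
    return sql_escape_stand_in(trim($input));
}

// Output encoding for an HTML context, applied when the value is rendered.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample product names: one with a quote, one with markup.
$samples = ["O'Brien mug", '<script>alert(1)</script>'];

foreach ($samples as $submitted) {
    // What is placed inside the SQL string literal. Angle brackets are not
    // SQL metacharacters, so markup passes through unchanged.
    $forQuery = sanitize_sql_only($submitted);

    // The SQL parser interprets the escapes, so the stored value is the
    // original input, markup included.
    $stored = $submitted;

    echo "submitted            : ", $submitted, PHP_EOL;
    echo "escaped for the query: ", $forQuery, PHP_EOL;
    echo "echoed without encode: ", $stored, PHP_EOL;
    echo "echoed via html_out(): ", html_out($stored), PHP_EOL, PHP_EOL;
}
```

SQL escaping protects the query and belongs at the database boundary (or is replaced by prepared statements); the HTML encoding step belongs at every point where a stored field is written into a page.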