CVE-2025-60991

A reflected cross-site scripted XSS vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter...

CVE-2025-60991

A reflected cross-site scripted XSS vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter...

CVE-2025-60991

Codazon Magento Themes (v1.1.0.0–v2.4.7) contains a reflected XSS that allows an attacker to execute arbitrary JavaScript in a user’s browser via a crafted payload in the cat parameter. Root cause described across multiple sources as insufficient input handling/escaping in the cat parameter leadi...

PT-2025-40285

Name of the Vulnerable Software and Affected Versions Codazon Magento Themes versions 1.1.0.0 through 2.4.7 Description A reflected cross-site scripting XSS issue exists in Codazon Magento Themes. This allows attackers to execute arbitrary Javascript within a user's browser by injecting a crafted...

CVE-2025-60991

A reflected cross-site scripted XSS vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter...

Codazon Magento Themes 安全漏洞

Codazon Magento Themes is a series of Magento platform-specific website themes and templates from Codazon. A security vulnerability exists in Codazon Magento Themes versions v1.1.0.0 through v2.4.7, which stems from insufficient cat parameter cleanup and escaping, and could lead to a reflective...