25 matches found
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
PT-2025-52753
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description A reflected Cross-Site Scripting XSS issue exists. The /user name API endpoint reflects the id query parameter directly into the HTML response without proper output encoding or sanitization. This allows for th...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
TechStore 1.0 exposes a reflected XSS in the user_name endpoint: the id query parameter is echoed into HTML without output encoding or sanitization, allowing execution of arbitrary JavaScript in a victim’s browser. Root cause is lack of input encoding on reflection. CVE-2025-66845 is documented a...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
PT-2025-45503
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...
TechStore Pro 安全漏洞
TechStore Pro is an e-commerce platform for nooncarlett individual developers. A security vulnerability exists in TechStore Pro version 1.0, which stems from incorrect manipulation of the parameter id in the file /ordernotes and could lead to a cross-site scripting attack...
EUVD-2025-38306
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
TechStore Pro 安全漏洞
TechStore Pro is an e-commerce platform for nooncarlett individual developers. A security vulnerability exists in TechStore Pro version 1.0, which stems from an unvalidated parameter q in the /searchresults endpoint that could lead to a cross-site scripting attack...
EUVD-2025-38298
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
PT-2025-45504
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /order notes API endpoint through the id parameter. Recommendations As a mitigation, restrict or sanitize input to the ...