25 matches found
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
PT-2025-52753
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description A reflected Cross-Site Scripting XSS issue exists. The /user name API endpoint reflects the id query parameter directly into the HTML response without proper output encoding or sanitization. This allows for th...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-66845
TechStore 1.0 exposes a reflected XSS in the user_name endpoint: the id query parameter is echoed into HTML without output encoding or sanitization, allowing execution of arbitrary JavaScript in a victim’s browser. Root cause is lack of input encoding on reflection. CVE-2025-66845 is documented a...
CVE-2025-66845
A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
CVE-2025-63544
TechStore 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the /order_notes endpoint through the id parameter. The issue stems from insufficient input handling for the id parameter, enabling script injection. Impact is XSS in affected pages; no exploitation details are provided in...
CVE-2025-63543
CVE-2025-63543 affects TechStore 1.0 with an unvalidated q parameter in the /search_results endpoint, enabling Cross-Site Scripting (XSS). Public sources across Red Hat, NVD, CNNVD, EUVD, CVE/CVEList, and Vuln enrichment consistently describe a reflected/stored-like XSS concern tied to the search...
EUVD-2025-38306
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...
EUVD-2025-38298
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...
PT-2025-45504
Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /order notes API endpoint through the id parameter. Recommendations As a mitigation, restrict or sanitize input to the ...
TechStore Pro 安全漏洞
TechStore Pro is an e-commerce platform for nooncarlett individual developers. A security vulnerability exists in TechStore Pro version 1.0, which stems from an unvalidated parameter q in the /searchresults endpoint that could lead to a cross-site scripting attack...
CVE-2025-63543
TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...