Online Shopping Portal /admin/updateorder.php Cross-Site Scripting Vulnerability

Online Shopping Portal is an online store. Online Shopping Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in /admin/updateorder.php, which can be exploited by an attacker to execute arbitrary web script o...

CVE-2025-57576

CVE-2025-57576 affects the PHPGurukul Online Shopping Portal 2.1, with a Cross-Site Scripting (XSS) vulnerability in the /admin/updateorder.php endpoint. The issue arises from insufficient input validation/escaping of user-supplied data, enabling an attacker to inject and execute arbitrary web sc...