Lucene search
+L

4 matches found

NVD
NVD
added 2025/06/02 11:15 a.m.21 views

CVE-2025-47289

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...

9CVSS0.00219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/02 11:0 a.m.14 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...

6.3CVSS5.4AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/02 11:0 a.m.16 views

CVE-2025-47289 Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...

6.3CVSS0.00219EPSS
Exploits0References2
CVE
CVE
added 2025/06/02 11:0 a.m.53 views

CVE-2025-47289

Summary: CVE-2025-47289 is a stored XSS in CE Phoenix (versions 1.0.9.9–1.1.0.2) where an attacker can inject JavaScript into the testimonial description. When an admin approves the testimonial, the script runs in the context of any visiting user, and cookies may be exfiltrated because they are n...

9CVSS6AI score0.00219EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder