CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

CVE-2025-63544

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

CVE-2025-63544

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

CVE-2025-63543

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in the /searchresults endpoint via the q parameter...

CVE-2025-63543

CVE-2025-63543 affects TechStore 1.0 with an unvalidated q parameter in the /search_results endpoint, enabling Cross-Site Scripting (XSS). Public sources across Red Hat, NVD, CNNVD, EUVD, CVE/CVEList, and Vuln enrichment consistently describe a reflected/stored-like XSS concern tied to the search...

CVE-2025-63544

TechStore 1.0 is vulnerable to Cross Site Scripting XSS in /ordernotes via the id parameter...