Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/12/24 12:48 a.m.11 views

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

6.1CVSS6AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/12/23 2:16 p.m.5 views

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

6.1CVSS0.00178EPSS
Exploits0References1
OSV
OSV
added 2025/12/23 2:16 p.m.2 views

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

6.1CVSS6AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.4 views

PT-2025-52753

Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description A reflected Cross-Site Scripting XSS issue exists. The /user name API endpoint reflects the id query parameter directly into the HTML response without proper output encoding or sanitization. This allows for th...

6.1CVSS6.3AI score0.00178EPSS
Exploits0References4
CVE
CVE
added 2025/12/23 12:0 a.m.19 views

CVE-2025-66845

TechStore 1.0 exposes a reflected XSS in the user_name endpoint: the id query parameter is echoed into HTML without output encoding or sanitization, allowing execution of arbitrary JavaScript in a victim’s browser. Root cause is lack of input encoding on reflection. CVE-2025-66845 is documented a...

6.1CVSS5.6AI score0.00178EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/23 12:0 a.m.24 views

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 12:0 a.m.4 views

CVE-2025-66845

A reflected Cross-Site Scripting XSS vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...

5.6AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder