Filtered by vendor Bhabishya-123
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63883 | 1 Bhabishya-123 | 1 E-commerce | 2025-11-19 | 5.4 Medium |
| A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks (innerHTML/insertAdjacentHTML/document.write) without proper sanitization or context-aware encoding. An attacker can craft a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim's browser under the electic-shop origin. | ||||
| CVE-2025-61456 | 1 Bhabishya-123 | 1 E-commerce | 2025-10-28 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request. | ||||
| CVE-2025-61455 | 1 Bhabishya-123 | 1 E-commerce | 2025-10-28 | 9.8 Critical |
| SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authentication and gain full access. | ||||
| CVE-2025-61454 | 1 Bhabishya-123 | 1 E-commerce | 2025-10-28 | 6.1 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request. | ||||
Page 1 of 1.