CVE-2025-13178 | Bdtask/CodeCanyon SalesERP up to 20250728 User Profile /edit_profile first_name/last_name cross site scripting

A vulnerability identified as problematic has been detected in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting.

This vulnerability is tracked as CVE-2025-13178. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13178 | Bdtask/CodeCanyon SalesERP up to 20250728 User Profile /edit_profile first_name/last_name cross site scripting

Post correlati

CVE-2023-6202 | Mattermost up to 7.8.12/8.1.3/9.0.1/9.1.0 users access control

CVE-2023-25174 | Intel Chipset Driver Software prior 10.1.19444.8378 access control (intel-sa-00928)

CVE-2024-32822 | impleCode Reviews Plus Plugin up to 1.3.4 on WordPress authorization

CVE-2024-55500 | Avenwu Whistle up to 2.9.90 cross-site request forgery