CVE-2025-13180 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System /edit_profile cross site scripting

A vulnerability marked as problematic has been reported in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in basic cross site scripting.

This vulnerability is cataloged as CVE-2025-13180. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13180 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System /edit_profile cross site scripting

Post correlati

CVE-2024-24136 | SourceCodester Math Game with Leaderboard 1.0 Score Section Your Name cross site scripting

CVE-2025-10806 | Campcodes Online Beauty Parlor Management System 1.0 bwdates-reports-details.php fromdate/todate sql injection

CVE-2024-5744 | WP-FeedStats wp-eMember Plugin up to 10.6.6 on WordPress Attribute $_SERVER[‘REQUEST_URI’] cross site scripting

CVE-2024-29926 | HasThemes WC Builder Plugin up to 1.0.18 on WordPress cross site scripting