CVE-2025-47289 | CE-PhoenixCart up to 1.0.9.9/1.1.0.2/1.1.0.3 testimonial description cross site scripting (GHSA-98qq-m8qj-vvgj)

Inserito da Angelo Barbosa | Giu 2, 2025 | CVE

A vulnerability was found in CE-PhoenixCart PhoenixCart up to 1.0.9.9/1.1.0.2/1.1.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument testimonial description leads to cross site scripting.

This vulnerability is handled as CVE-2025-47289. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-47289 | CE-PhoenixCart up to 1.0.9.9/1.1.0.2/1.1.0.3 testimonial description cross site scripting (GHSA-98qq-m8qj-vvgj)

Post correlati

CVE-2025-23414 | OpenHarmony up to 5.0.2 Pre-installed Apps use after free

CVE-2023-41060 | Apple iOS/iPadOS up to 16.x type confusion

CVE-2024-38355 | socket.io up to 2.5.0/4.6.1 denial of service (GHSA-25hc-qcg6-38wj)

CVE-2025-5173 | HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf PT File neural_nets.py load path deserialization (Issue 765)