Unknown · Real Easy Store · CVE-2025-40651
**Name of the Vulnerable Software and Affected Versions**
Real Easy Store (affected versions not specified)
**Description**
A Reflected Cross-Site Scripting (XSS) issue allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL using the `keyword` parameter in "/index.php?a=search". This can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.