Techstore · Techstore · CVE-2025-66845
**Name of the Vulnerable Software and Affected Versions**
TechStore version 1.0
**Description**
A reflected Cross-Site Scripting (XSS) issue exists. The `/user name` API endpoint reflects the `id` query parameter directly into the HTML response without proper output encoding or sanitization. This allows for the execution of arbitrary JavaScript code in a victim’s browser.
**Recommendations**
Apply output encoding or sanitization to the `id` query parameter in the `/user name` endpoint to prevent the injection of malicious scripts.
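The recommendation above, as an added example that is not TechStore's own code (the page does not name the application's stack, so Python is used for illustration): it shows the reflecting pattern beside an encoded version, plus an allow-list check on `id`. The function names, the page template and the assumed `id` format are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs

# Assumption: ids are short alphanumeric tokens; adapt to the real id format.
ID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Hypothetical response template standing in for the endpoint's HTML.
PAGE = "<!doctype html><html><body><p>User: {user}</p></body></html>"


def get_id(query_string):
    """Return the first `id` value from a raw query string, or ''."""
    return parse_qs(query_string, keep_blank_values=True).get("id", [""])[0]


def render_reflecting(query_string):
    """The flaw the advisory describes: `id` goes into the HTML unencoded."""
    return PAGE.format(user=get_id(query_string))


def render_encoded(query_string):
    """Output encoding: HTML metacharacters in `id` become inert entities."""
    return PAGE.format(user=html.escape(get_id(query_string), quote=True))


def handle(query_string):
    """Validate `id` against the allow-list, then encode it on output.

    Returns (status, headers, body).
    """
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    if not ID_PATTERN.fullmatch(get_id(query_string)):
        # Do not echo the rejected value back in the error page.
        return 400, headers, PAGE.format(user="invalid id")
    return 200, headers, render_encoded(query_string)


# Constructed sample input: URL-encoded markup characters only.
SAMPLE = "id=%3Ci%3Ex%3C%2Fi%3E%26%22%27"
```

`html.escape` covers HTML text and quoted attribute values; a value placed inside a script block, a URL or CSS needs the encoder for that context instead.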