CVE-2025-9103

Name of the Vulnerable Software and Affected Versions: ZenCart version 2.1.0

Description: A vulnerability exists in ZenCart 2.1.0 related to an unknown functionality of the component CKEditor. Manipulation of this functionality can lead to Cross-Site Scripting (XSS). The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The existence of this vulnerability is currently doubted, with the vendor stating it is "intended behavior, allowed for authorized administrators".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.