PT-2025-35087 · Unknown · Puneethreddyhc Online Shopping System Advanced Version 1.0

Jairajparyani

Published

2025-08-28

Updated

2025-08-28

CVE-2025-51971

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PuneethReddyHC Online Shopping System Advanced version 1.0

Description A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php file. Unsanitized user input in the f name parameter is reflected in the server response without proper HTML encoding or output escaping, potentially allowing remote attackers to inject arbitrary JavaScript code.

Recommendations Ensure proper HTML encoding or output escaping is implemented for the f name parameter in the register.php file.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-51971

Affected Products

Puneethreddyhc Online Shopping System Advanced Version 1.0

CVE-2025-51971

Weakness Enumeration

Related Identifiers

Affected Products

References · 5