CVE-2025-61454

Name of the Vulnerable Software and Affected Versions Bhabishya-123 E-commerce version 1.0

Description A Cross-Site Scripting (XSS) issue exists in the software, specifically within the search functionality. The /search API endpoint reflects unsanitized input directly into the response HTML, potentially enabling attackers to execute arbitrary JavaScript in a user's browser through a malicious link or crafted request. The vulnerable parameter is /search.

Recommendations Sanitize all user-supplied input to the /search endpoint to prevent the injection of malicious scripts.