PT-2025-43218 · Weboccult Technologies Pvt · Email Attachment By Order Status &Amp; Products

Martino Spagnuolo

Published

2025-10-22

Updated

2025-11-18

CVE-2025-49957

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Email Attachment by Order Status & Products versions n/a through 1.0.1

Description The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue impacts the Email Attachment by Order Status & Products application. The flaw could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is not specified.

Recommendations Update Email Attachment by Order Status & Products to a version greater than 1.0.1.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-49957

Affected Products

Email Attachment By Order Status &Amp; Products

PT-2025-43218 · Weboccult Technologies Pvt · Email Attachment By Order Status &Amp; Products

CVE-2025-49957

Weakness Enumeration

Related Identifiers

Affected Products

References · 5