CVE-2025-63883

Name of the Vulnerable Software and Affected Versions electic-shop version 1.0

Description A DOM-based cross-site scripting issue exists where the client-side JavaScript reads attacker-controlled input and inserts it into the DOM via unsafe sinks, specifically innerHTML, insertAdjacentHTML, and document.write, without proper sanitization or encoding. An attacker can create a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim's browser under the electic-shop origin. The input is derived from the URL or page fragment.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.