CVE-2025-13793

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions winston-dsouza Ecommerce-Website versions up to 87734c043269baac0b4cfe9664784462138b1b2e

Description A weakness exists in winston-dsouza Ecommerce-Website. The issue affects some unknown functionality within the /includes/header menu.php file, specifically the GET Parameter Handler component. Manipulation of the Error parameter can lead to cross site scripting. The attack can be executed remotely. The exploit has been made publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-13793

Affected Products

Winston-Dsouza Ecommerce-Website

CVE-2025-13793

Weakness Enumeration

Related Identifiers

Affected Products

References · 9