PT-2025-52753 · Techstore · Techstore
Murat Sevri +1 · Published 2025-12-23 · Updated 2025-12-23
CVE-2025-66845
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TechStore version 1.0
Description
A reflected Cross-Site Scripting (XSS) issue exists. The /user name API endpoint reflects the id query parameter directly into the HTML response without proper output encoding or sanitization. This allows for the execution of arbitrary JavaScript code in a victim’s browser.
Recommendations
Apply output encoding or sanitization to the id query parameter in the /user name endpoint to prevent the injection of malicious scripts.
Fix
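The recommendation above, shown as an added example in Python; it is not TechStore's code and not part of the advisory. The template, the function names and the assumption that id is a short decimal number are hypothetical, since the advisory does not show the application's source.

```python
import html
import re

# Hypothetical stand-in for the page the endpoint returns; the real
# TechStore template is not shown in the advisory.
TEMPLATE = "<html><body><p>User: {value}</p></body></html>"

# Assumption: a legitimate id is a short decimal number.
_ID_RE = re.compile(r"[0-9]{1,10}")


def render_vulnerable(params):
    """The pattern the advisory describes: id is copied into HTML as-is."""
    return TEMPLATE.format(value=params.get("id", ""))


def render_encoded(params):
    """Output encoding: HTML metacharacters are emitted as inert entities."""
    return TEMPLATE.format(value=html.escape(params.get("id", ""), quote=True))


def render_validated(params):
    """Allow-list validation plus encoding; returns (status, body)."""
    raw = params.get("id", "")
    if not _ID_RE.fullmatch(raw):
        # Reject without echoing the rejected value back to the client.
        return 400, TEMPLATE.format(value="invalid id")
    return 200, TEMPLATE.format(value=html.escape(raw, quote=True))


# Constructed sample inputs: a normal id and a markup test string.
BENIGN = {"id": "42"}
PROBE = {"id": "<script>alert(1)</script>"}

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PROBE))
    print("encoded:   ", render_encoded(PROBE))
    print("validated: ", render_validated(PROBE))
    print("validated: ", render_validated(BENIGN))
```

html.escape is the right encoder for HTML element text and quoted attribute values; a value placed inside a script block or a URL needs the encoder for that context instead.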
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Techstore