VYPR

SOTESHOP

by SOTES

CVEs (2)

  • CVE-2025-1776MedFeb 28, 2025
    risk 0.40cvss 6.1epss 0.00

    Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal sensitive user data,…

  • CVE-2025-40701MedFeb 23, 2026
    risk 0.33cvss epss 0.00

    Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be…