TechStore
by TechStore
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66845 | 0.00 | — | 0.00 | Dec 23, 2025 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser. | |||
| CVE-2025-63543 | 0.00 | — | 0.00 | Nov 7, 2025 | TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter. | |||
| CVE-2025-63544 | 0.00 | — | 0.00 | Nov 7, 2025 | TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter. |
- CVE-2025-66845Dec 23, 2025risk 0.00cvss —epss 0.00
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.
- CVE-2025-63543Nov 7, 2025risk 0.00cvss —epss 0.00
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /search_results endpoint via the q parameter.
- CVE-2025-63544Nov 7, 2025risk 0.00cvss —epss 0.00
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter.