Home

Description

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-20 | Updated 2025-10-20 | Assigner mitre

References

github.com/tansique-17/CVE-2025-61454

cve.org (CVE-2025-61454)

nvd.nist.gov (CVE-2025-61454)

Download JSON