Description

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-23 | Updated 2025-12-23 | Assigner mitre

References

gist.github.com/MuratSevri/d78efed86ca5f82e8a6683ace5061319

cve.org (CVE-2025-66845)

nvd.nist.gov (CVE-2025-66845)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.