Vulnerabilities

CVE-2025-66845

by Fred · 23/12/2025

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser.

More information : https://gist.github.com/MuratSevri/d78efed86ca5f82e8a6683ace5061319

Similar

Tags: Cybersecurity Alert