HTML injection in Isshue from Bdtask

Posted date 06/11/2025
Identifier
INCIBE-2026-035
Importance
3 - Medium
Affected Resources

Isshue

Description

INCIBE has coordinated the publication of a medium-severity vulnerability affecting Isshue by Bdtask, an eCommerce platform. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40679: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N | CWE-79

Solution

No solution has been reported at this time.

Detail

CVE-2025-40679: HTML injection vulnerability in Isshue by Bdtask, caused by a lack of proper validation of user input. It can be triggered by sending a POST request to '/category_product_search', affecting the 'product_name' parameter.
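
Since no solution has been reported, a compensating control is to screen the affected parameter in front of the application and to HTML-encode it wherever it is echoed. The following is an added example, not code from INCIBE or Bdtask; it assumes a form-urlencoded request body, and the function names and sample requests are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/category_product_search"
TARGET_PARAM = "product_name"

# '<' followed directly by a letter, '/', '!' or '?' is what an HTML parser
# treats as the start of a tag, closing tag, comment or declaration.
MARKUP_RE = re.compile(r"<[/!?a-zA-Z]")
MAX_DECODE_ROUNDS = 3


def fully_decode(value):
    """Undo nested percent-encoding so a value such as %253C is seen as '<'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(method, path, body):
    """Return (allowed, findings) for one request; findings are the flagged values."""
    route = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or route != TARGET_PATH:
        return True, []
    # Assumption: the body is application/x-www-form-urlencoded.
    params = parse_qs(body, keep_blank_values=True)
    findings = [v for v in params.get(TARGET_PARAM, [])
                if MARKUP_RE.search(fully_decode(v))]
    return (not findings), findings


def render_safe(value):
    """Output encoding to apply whenever the search term is written into a page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("POST", TARGET_PATH, "product_name=blue+shirt"),
        ("POST", TARGET_PATH, "product_name=%3Ch1%3Esale%3C%2Fh1%3E"),
        ("POST", TARGET_PATH, "product_name=%253Cb%253Ehi"),
        ("POST", TARGET_PATH, "product_name=3+%3C+5"),
    ]
    for method, path, body in samples:
        print(body, "->", check_request(method, path, body))
```

Request screening only reduces exposure; encoding the value on output, as `render_safe` does, is what removes the injection.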

CVE
Exploitation
No