Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Reflected Cross Site Scripting (XSS) in Real Easy Store

Posted date 28/05/2025
Identificador
INCIBE-2025-0274
Importance
3 - Medium
Affected Resources

Real Easy Store.

Description

INCIBE has coordinated the publication of a medium severity vulnerability affecting Real Easy Store, a software that offers a set of functions and capabilities to create an online store, which has been discovered by Edgar Carrillo.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40651: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Solution

There is no reported solution at this time.

Detail

CVE-2025-40651: reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

References list
Real Easy Store - Product Website
Etiquetas