CVE-2025-15583
CVE-2025-15583 is a low-severity vulnerability rated 2/10 on the CVSS scale. A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
A weakness has been identified in detronetdip E-commerce 1.0.0. It affects the function get_safe_value in the file utility/function.php. Manipulation of this function can lead to cross-site scripting (XSS). The attack can be executed remotely. The exploit has been made publicly available and could be used for attacks. The project was informed of the problem early through an issue report but has not yet responded.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Detronetdip | E-Commerce | 1.0.0 |
References
- https://github.com/Nixon-H/PHP-Stored-XSS-Bypass-Real-Escape (Exploit, Mitigation, Third Party Advisory)
- https://github.com/detronetdip/E-commerce/issues/23 (Exploit, Issue Tracking, Vendor Advisory)
- https://vuldb.com/?ctiid.346487 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.346487 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.754033 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
