Plattform
php
Komponente
fc65dafa7237cc66a18ef6005075c31b
Behoben in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in code-projects Online Shop versions 1.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability resides within the /view.php file and is triggered by manipulating the 'name/details' parameter. A patch is available in version 1.0.1.
Successful exploitation of CVE-2025-0175 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, defacement of the website, and redirection to phishing sites. Sensitive information, such as user credentials and personal data, could be stolen. The impact is amplified if the Online Shop is used to process financial transactions or handle sensitive customer information, potentially leading to significant financial and reputational damage.
This vulnerability has been publicly disclosed. While no active exploitation campaigns have been confirmed, the availability of the vulnerability details increases the risk of exploitation. The CVSS score of 3.5 (LOW) indicates a relatively low probability of exploitation, but proactive mitigation is still recommended. The vulnerability was published on 2025-01-03.
Small to medium-sized businesses utilizing code-projects Online Shop version 1.0 for e-commerce or product display are at risk. Shared hosting environments where multiple users share the same server resources are particularly vulnerable, as a compromise of one user's installation could potentially impact others.
• php / web:
grep -r "name/details" /var/www/html/view.php• generic web:
curl -I http://your-shop-url.com/view.php?name/details=<script>alert(1)</script>disclosure
Exploit-Status
EPSS
0.14% (34% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-0175 is to upgrade to version 1.0.1 of Online Shop, which includes the necessary fix. If upgrading immediately is not feasible, implement strict input validation and output encoding on the 'name/details' parameter within the /view.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly review and update the application's security configuration to minimize the attack surface.
Aktualisieren auf eine gepatchte Version oder die notwendigen Sicherheitsmaßnahmen anwenden, um die XSS-Vulnerability zu vermeiden. Die Benutzereingaben in der Datei /view.php validieren und bereinigen, insbesondere die Parameter 'name' und 'details', bevor sie auf der Webseite angezeigt werden. HTML-Escape-Funktionen verwenden, um die Ausführung von bösartigem Code zu verhindern.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-0175 is a cross-site scripting (XSS) vulnerability affecting Online Shop versions 1.0 through 1.0, allowing attackers to inject malicious scripts via the /view.php file.
Yes, if you are running Online Shop version 1.0, you are vulnerable to this XSS attack. Upgrade to version 1.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 1.0.1. As a temporary workaround, implement strict input validation and output encoding on the 'name/details' parameter.
While no active exploitation campaigns have been confirmed, the public disclosure of the vulnerability increases the risk of exploitation. Proactive mitigation is advised.
Refer to the code-projects website or relevant security forums for the official advisory regarding CVE-2025-0175.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.