Platform: php
Fixed in: 1.0.1
CVE-2025-13412 describes a cross-site scripting (XSS) vulnerability affecting Campcodes Retro Basketball Shoes Online Store version 1.0. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The vulnerability resides in the /admin/admin_running.php file and is triggered by manipulating the product_name argument. A patch is expected to resolve this issue.
Successful exploitation of CVE-2025-13412 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to the theft of sensitive information, such as session cookies, which can then be used to impersonate the user. An attacker could also inject malicious code to redirect users to phishing sites or deface the website. The remote nature of the vulnerability means that an attacker does not need to be on the same network as the target system to exploit it.
This vulnerability has been publicly disclosed. A proof-of-concept exploit may be available, increasing the risk of exploitation. The CVSS score is LOW (2.4), suggesting that the vulnerability is relatively easy to exploit and has a limited impact. No KEV listing or active exploitation campaigns have been reported as of the publication date.
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2025-13412 is to upgrade to a patched version of Campcodes Retro Basketball Shoes Online Store. As no fixed version is specified, contact the vendor for an update. Until a patch is available, consider implementing input validation and output encoding on the product_name parameter in /admin/admin_running.php to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide a layer of protection.
Update to a patched version or apply the necessary security measures to prevent the injection of malicious code through the product_name parameter in the admin_running.php file. Validating and sanitizing user input is crucial to prevent XSS (Cross-Site Scripting) attacks.
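A sketch of the input validation and output encoding described above, as an added example that is not Campcodes code. The helper names, the allow-list pattern, the 100-character limit and the sample values are assumptions, and it requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept a product name only if it fits an allow-list.
// The permitted characters and the length limit are assumptions; adapt them
// to the names the catalogue really contains.
function validate_product_name(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;                    // rejects array input (product_name[]=...)
    }
    $name = trim($raw);
    // The /u flag also makes preg_match fail on invalid UTF-8.
    if (preg_match('~\A[\p{L}\p{N} .,\'()&/-]{1,100}\z~u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Hypothetical helper: encode a value for an HTML text node or a quoted
// attribute value. Validation alone is not enough, because characters the
// allow-list permits (& and ') are still meaningful in HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['product_name'].
$samples = [
    "Men's Retro 4 & 5",        // valid, but still needs encoding on output
    '"><em>markup</em>',        // contains characters outside the allow-list
    ['nested' => 'value'],      // wrong type
];

foreach ($samples as $raw) {
    $name = validate_product_name($raw);
    if ($name === null) {
        echo "rejected: input does not match the allow-list\n";
        continue;
    }
    // Encode at the point of output, whatever happened at input time.
    echo '<td>' . e($name) . "</td>\n";
}
```

Apply the encoding wherever the stored value is rendered, not only on the admin page that accepts it, since the same product name may be displayed by other pages.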
CVE-2025-13412 is a cross-site scripting (XSS) vulnerability in Campcodes Retro Basketball Shoes Online Store version 1.0, allowing attackers to inject malicious scripts via the product_name parameter.
If you are running Campcodes Retro Basketball Shoes Online Store version 1.0, you are potentially affected by this vulnerability. Check with the vendor for a patch.
The recommended fix is to upgrade to a patched version of Campcodes Retro Basketball Shoes Online Store. Contact the vendor for an update.
While no active exploitation campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Please refer to the Campcodes website or contact their support team for the official advisory regarding CVE-2025-13412.