CNNVD-202509-1747 Information

CNNVD ID

CNNVD-202509-1747

Related CVE

CVE-2025-52074

• CNNVD Published: 2025-09-12

Description (Chinese)

PHPGurukul Online Shopping Portal是PHPGurukul公司的一个在线商店。 PHPGURUKUL Online Shopping Portal 2.1版本存在安全漏洞，该漏洞源于添加商品到购物车时未对quantity参数进行输入清理，可能导致跨站脚本攻击。

Description (English)

PHPGurukul Online Shoping Portal is an online shop of PHPGurukul. PHPGURUKUL Online Shopping Portal version 2.1 contains a security loophole resulting from the non-entry clearance of quantity parameters when adding goods to the shopping van, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PHPGurukul

Published

2025-09-12

Last Modified

2026-02-24

References

https://github.com/NullMinds/CVE-Hunting/blob/main/Online%20Shopping%20Portal/Stored%20XSS%20in%20Quantity%20Parameter.pdf https://access.redhat.com/security/cve/cve-2025-52074