CVE-2025-1776 Information

Description

Cross-Site Scripting (XSS) vulnerability in Soteshop versions prior to 8.3.4 which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal sensitive user data such as session cookies or to perform actions on behalf of the user.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-soteshop