### Key Information Summary

#### Vulnerability Overview

- **CVE ID**: CVE-2025-61454
- **Disclosure Date**: October 13, 2025
- **Severity**: MEDIUM (CVSS v3.1 Score: 6.1)
- **Vulnerability Type**: Reflected XSS (Cross-Site Scripting)

#### Affected Product

- **Vendor**: Independent (Rahsidhya [12])
- **Project**: Ecommerce
- **Version**: 1.0
- **Vulnerable Endpoint**: http://localhost/e-commerce-main/search.php

#### Vulnerability Details

- **Description**: Unfiltered input in the `search` parameter is reflected directly into the HTML response, allowing injection of arbitrary JavaScript.
- **Example Request**:

```http
POST /e-commerce-main/Search.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

search=%3Cscript%3Ealert(5)%3C/script%3E
```

- **Expected Result**: The browser executes the JavaScript, displaying an alert box with the value `5`.

#### Impact

- Execution of arbitrary JavaScript code
- Phishing or impersonation via HTML injection
- Session hijacking or token theft
- Forced browsing to malicious content
- Credential collection via search form injection
- Tampering with search results pages

#### Recommended Remediation

- Use `htmlspecialchars()` or equivalent to encode all unfiltered output before rendering it as HTML.
- Implement server-side input validation, especially for the `search` parameter.
- Enforce a strong Content Security Policy (CSP) header to prevent inline script execution.
- Avoid directly embedding unfiltered user input into HTML responses.
- Apply context-appropriate output encoding (HTML, JavaScript, URL, CSS).
- Use modern frameworks that provide automated XSS protection.

#### Timeline

- **Discovery Date**: September 16, 2025
- **Public Disclosure Date**: October 13, 2025
- **Patch Availability**: Not available at disclosure

#### Discoverer

- Tansique Dasari
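The remediation items above, shown as an added PHP example that is not code from the advisory or from the Ecommerce project: the raw reflection pattern the advisory describes, beside a hardened version that validates the `search` parameter, encodes it for the HTML context, and sends a CSP header. Function names (`render_results_unsafe`, `render_results_safe`, `validate_search`, `h`, `send_security_headers`) are assumptions made for this illustration.

```php
<?php
// Added example, not part of the advisory or the Ecommerce 1.0 code base.
declare(strict_types=1);

// VULNERABLE pattern: the `search` parameter is concatenated into HTML as-is,
// so a value such as <script>alert(5)</script> becomes executable markup.
function render_results_unsafe(string $query): string
{
    return '<h2>Results for: ' . $query . '</h2>';
}

// Server-side validation: reject empty or oversized queries (length limit is
// an assumed policy value); validation narrows input, encoding makes it safe.
function validate_search(string $query): ?string
{
    $query = trim($query);
    if ($query === '' || mb_strlen($query, 'UTF-8') > 100) {
        return null;
    }
    return $query;
}

// HTML-body/attribute encoder. ENT_QUOTES also escapes ' and " so the value
// is safe inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of silently returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// HARDENED pattern: encode at the output point, in the HTML context.
function render_results_safe(string $query): string
{
    return '<h2>Results for: ' . h($query) . '</h2>';
}

// Defence in depth: a CSP with no 'unsafe-inline' blocks inline scripts even
// if an encoding call is missed somewhere. Must be sent before any output.
function send_security_headers(): void
{
    if (!headers_sent()) {
        header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
        header('X-Content-Type-Options: nosniff');
    }
}

// Demonstration using the advisory's payload as constructed input when no
// POST body is present (e.g. run from the CLI).
$search = validate_search($_POST['search'] ?? '<script>alert(5)</script>') ?? '';
send_security_headers();
echo render_results_unsafe($search), PHP_EOL; // script tag emitted verbatim
echo render_results_safe($search), PHP_EOL;   // entities emitted; renders as text
```

Run it with `php file.php` to compare the two output lines; only the second is safe to return to a browser.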