Key vulnerability information - CVE-2025-63883

CVE ID: CVE-2025-63883
Severity: Medium-High
Weakness: CWE-79 — DOM-Based XSS

Summary
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in E-commerce Electric-Shop v1.0 hosted at: GitHub repository. The search function uses unsafe DOM sinks, enabling an attacker to execute arbitrary scripts from URL or search parameters.

Affected Component
Search input and related frontend JavaScript logic

Proof of Concept
An attacker can create a harmful URL using:

innerHTML, insertAdjacentHTML, document.write, textContent, setAttribute

Sanitize untrusted client-side input
Implement strict Content Security Policy (CSP)

Affected Product
E-commerce Electric-Shop v1.0 (GitHub Project)
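
The sink change this advisory points to (textContent and setAttribute in place of innerHTML), shown as an added example that is not code from the Electric-Shop repository. The `q` parameter, the function names and the `https://shop.example/` base URL are assumptions made for illustration.

```javascript
// Added example, not the project's code. The parameter name "q" and all
// function names are hypothetical.

// Pattern behind this class of bug: the search term from the URL is
// concatenated into markup and parsed as HTML by the innerHTML sink.
function renderUnsafe(container, search) {
  const q = new URLSearchParams(search).get("q") || "";
  container.innerHTML = "Results for: <b>" + q + "</b>";
}

// Hardened form: build nodes and assign the term through textContent,
// which stores it as text and never parses it as markup.
function renderSafe(doc, container, search) {
  const q = new URLSearchParams(search).get("q") || "";
  const label = doc.createElement("b");
  label.textContent = q;
  container.replaceChildren(doc.createTextNode("Results for: "), label);
  return q;
}

// setAttribute is only safe for attributes that cannot execute code.
// For href, resolve the value and accept http(s) URLs only.
function setSafeLink(anchor, value, base) {
  let url;
  try {
    url = new URL(value, base);
  } catch {
    return false; // unparsable value: leave the attribute unset
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  anchor.setAttribute("href", url.href);
  return true;
}
```

A Content Security Policy without `'unsafe-inline'` in `script-src` is the backstop for any sink that gets missed.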