CVE-2025-9103
BaseFortify
Publication date: 2025-08-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zencart | zencart | 2.1.0 |
| ckeditor | ckeditor | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9103 is a stored Cross-Site Scripting (XSS) vulnerability in Zen-Cart version 2.1.0 related to its CKEditor component. The issue arises because CKEditor's "Insert image from URL" feature does not properly filter input, allowing attackers to insert malicious URLs, such as those pointing to PHP cookie stealers or JavaScript payloads. When a product page containing such malicious content is loaded, the embedded script executes, potentially stealing cookies or running arbitrary scripts. This vulnerability requires the attacker to have access to the admin interface to switch the editor to CKEditor and insert the malicious URL. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to remote execution of malicious scripts within the context of the affected Zen-Cart site. An attacker can steal cookies, potentially hijacking user sessions, or execute arbitrary JavaScript code, which can compromise user data or site integrity. Since the attack requires admin-level access to insert the malicious payload, the risk is primarily to authorized administrators and users interacting with the affected product pages. The exploit can be used to perform unauthorized actions or gather sensitive information. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if Zen-Cart 2.1.0 is using CKEditor as the text editor and if the 'Insert image from URL' feature allows insertion of URLs pointing to potentially malicious scripts or SVG images without proper filtering. Detection can involve reviewing product pages edited via CKEditor for suspicious image URLs or embedded scripts. Specifically, you can verify if the editor is set to CKEditor by accessing the admin interface or checking the URL parameter `/index.php?cmd=define_pages_editor`. To detect exploitation attempts, monitor web server logs for requests containing suspicious URLs or payloads inserted via CKEditor. There are no specific commands provided, but manual inspection of product pages and admin settings is recommended. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or avoiding the use of CKEditor's 'Insert image from URL' feature in Zen-Cart 2.1.0, or switching the text editor back to 'Plain Text' mode to prevent insertion of malicious URLs. Restrict administrative access to trusted users only, as exploitation requires administrator privileges. Additionally, review and sanitize any existing product pages for malicious payloads inserted via CKEditor. Since no official patches or countermeasures are identified, consider replacing CKEditor with an alternative editor that properly filters input or upgrading Zen-Cart if a fixed version becomes available. [2, 3]