CVE-2025-63544

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-11-07

Last updated on: 2025-11-21

Assigner: MITRE

Description

TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-11-07

Last Modified

2025-11-21

Generated

2026-05-07

AI Q&A

2025-11-07

EPSS Evaluated

2026-05-05

NVD

CVE-2025-63544

Affected Vendors & Products

Vendor	Product	Version / Range
nooncarlett	techstore	1.0

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-79	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a Cross Site Scripting (XSS) issue in TechStore 1.0, specifically in the /order_notes endpoint via the id parameter. It means that an attacker can inject malicious scripts into the web application through the id parameter, which can then be executed in the browsers of users who visit the affected page.

How can this vulnerability impact me? :

The impact of this vulnerability includes potential theft of user session cookies, defacement of the website, redirection to malicious sites, and execution of unauthorized actions on behalf of users. It can compromise user data and the integrity of the web application.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-63544

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart