CVE-2025-15583
Cross-Site Scripting in detronetdip E-commerce get_safe_value
Publication date: 2026-02-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| detronetdip | e-commerce | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15583 is a Stored Cross-Site Scripting (XSS) vulnerability in detronetdip E-commerce version 1.0.0, specifically in the function get_safe_value located in utility/function.php.

The vulnerability arises because get_safe_value uses mysqli_real_escape_string() to sanitize inputs, which only protects against SQL injection but does not encode HTML entities like < or >. This allows attackers to inject malicious JavaScript code into product-related fields such as product_name or description.

The malicious payload is stored persistently in the database and executes when an administrator views the product list or approval pages in the backend dashboard, running the script in the administrator's browser session.

Exploitation can be done remotely by sending crafted POST requests to endpoints like seller/assets/backend/product/updateproduct.php, leveraging an Insecure Direct Object Reference (IDOR) vulnerability to inject the payload.

The root cause is improper input sanitization and lack of proper output encoding, which allows execution of injected scripts in the browser. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can have several serious impacts:
- Session Hijacking: Attackers can steal administrator session cookies (PHPSESSID) via injected scripts, enabling full account takeover.
- Persistent Malware: The malicious script executes every time the affected page loads, allowing repeated infections.
- Phishing and Defacement: Attackers can manipulate the webpage DOM to display fake login forms or misleading content, potentially tricking administrators.
Overall, this can lead to compromise of administrative accounts, unauthorized access, data manipulation, and loss of trust in the application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject a JavaScript payload into product-related fields such as product_name or description via the endpoint seller/assets/backend/product/updateproduct.php. A practical detection method involves sending a crafted POST request with a script payload and observing if the payload is stored and executed when the administrator views the product list or approval pages.

An example command to test for this vulnerability is using curl to send a POST request with a JavaScript payload in the product name field:

```sh
curl -X POST -H "Cookie: PHPSESSID=[Session_ID]" -d "id=10" -d "name=<script>alert('XSS_ADMIN_TAKEOVER')</script>" -d "price=1000" -d "sellprice=1" -d "quantity=10" "http://localhost:3000/seller/assets/backend/product/updateproduct.php"
```

If the payload is stored and triggers an alert or executes when the administrator accesses the backend pages, the system is vulnerable.

Additionally, vulnerable instances can be identified using Google dorking techniques such as searching for inurl:utility/function.php to find affected installations. [1, 2, 3]
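Because the payload is stored, a defender can also check what is already sitting in the product fields rather than sending test requests at a live shop. The PHP script below is an added example, not part of the advisory or of the detronetdip project: it runs a few heuristic patterns over product rows and reports each field that contains markup. The rows are constructed inline; in a real deployment they would come from a query against the shop's product table, whose table and column names the advisory does not give, so the `id`, `product_name` and `description` keys here are assumptions taken from the field names the advisory mentions.

```php
<?php
// Added example (not project code): find HTML/JavaScript markup already stored in
// product fields. Patterns are heuristics; tune them to the data you actually hold.
declare(strict_types=1);

const SUSPICIOUS_PATTERNS = [
    'html_tag'       => '/<\s*\/?\s*[a-z][^>]*>/i', // any element: <script>, <b>, <img ...>
    'event_handler'  => '/\bon[a-z]+\s*=/i',        // onerror=, onload=, onclick=, ...
    'javascript_uri' => '/javascript\s*:/i',        // href="javascript:..."
];

/**
 * Returns one finding per (row, field, pattern) hit.
 *
 * @param array<int, array<string, string>> $rows   rows as an associative-array list
 * @param string[]                          $fields columns to inspect
 * @return array<int, array{id: string, field: string, pattern: string, excerpt: string}>
 */
function find_stored_markup(array $rows, array $fields): array
{
    $findings = [];
    foreach ($rows as $row) {
        foreach ($fields as $field) {
            $value = (string) ($row[$field] ?? '');
            foreach (SUSPICIOUS_PATTERNS as $label => $regex) {
                if (preg_match($regex, $value, $m, PREG_OFFSET_CAPTURE) === 1) {
                    $offset = $m[0][1];
                    $findings[] = [
                        'id'      => (string) ($row['id'] ?? '?'),
                        'field'   => $field,
                        'pattern' => $label,
                        // Excerpt is HTML-encoded so the report itself is safe to render.
                        'excerpt' => htmlspecialchars(
                            substr($value, max(0, $offset - 10), 60),
                            ENT_QUOTES | ENT_SUBSTITUTE,
                            'UTF-8'
                        ),
                    ];
                }
            }
        }
    }
    return $findings;
}

// Constructed sample rows standing in for a product-table query result. Row 10 carries
// the payload shape from the advisory; row 11 holds benign markup; row 12 has bare
// angle brackets that should NOT be flagged.
$rows = [
    ['id' => '7',  'product_name' => 'Blue mug', 'description' => 'Ceramic, 300 ml'],
    ['id' => '10', 'product_name' => "<script>alert('XSS_ADMIN_TAKEOVER')</script>", 'description' => 'x'],
    ['id' => '11', 'product_name' => 'Lamp', 'description' => '<b>Bold</b> claims in the listing'],
    ['id' => '12', 'product_name' => 'Price < 5 and > 2', 'description' => 'plain text with angle brackets'],
];

foreach (find_stored_markup($rows, ['product_name', 'description']) as $f) {
    printf("product %s, field %s: %s (%s)\n", $f['id'], $f['field'], $f['pattern'], $f['excerpt']);
}
```

Run against the constructed rows, the script reports row 10 (`product_name`, `html_tag`) and row 11 (`description`, `html_tag`) and stays quiet on rows 7 and 12. The `html_tag` pattern deliberately requires a letter after the `<` so that ordinary comparisons such as `< 5` in a description do not produce noise; any hit is a prompt to review the row, not proof of compromise, since legitimate sellers may also paste formatted text.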
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves implementing proper output encoding when displaying user-controllable data in HTML contexts rather than relying solely on input sanitization.

Specifically, continue using mysqli_real_escape_string() to prevent SQL injection, but apply htmlspecialchars() with appropriate flags (such as ENT_QUOTES and UTF-8 encoding) when outputting data to the browser. For example:

```php
echo htmlspecialchars($row['product_name'], ENT_QUOTES, 'UTF-8');
```

This ensures that HTML entities are encoded, preventing execution of injected scripts in the administrator's browser.

Since no official patch or response has been provided by the project maintainers, consider replacing the affected software with an alternative product if immediate code changes are not feasible. [1, 2, 3]
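The following PHP script is an added example, written for this page and not taken from the detronetdip code base, that makes the point above concrete: it runs a product name through SQL-only escaping of the kind the advisory attributes to get_safe_value, shows that the angle brackets survive untouched, and then renders the same row once without and once with output encoding. Because mysqli_real_escape_string() needs a live database connection, the script uses a stand-in that escapes the same characters so it runs offline; the function name `get_safe_value_sql_only` and the row layout are assumptions for the demonstration.

```php
<?php
// Added example (not project code): SQL escaping does not neutralise HTML, output
// encoding at render time does.
declare(strict_types=1);

// Stand-in for mysqli_real_escape_string(): backslash-escapes the same characters
// (NUL, \n, \r, \, ', ", Ctrl-Z) so the example needs no database connection.
function sql_escape_stand_in(string $value): string
{
    return strtr($value, [
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// The pattern the advisory describes: input "sanitised" for SQL only. Note that
// '<' and '>' are not in the escaped set, so markup reaches the database intact,
// and after the database unescapes the string literal the original value is stored.
function get_safe_value_sql_only(string $value): string
{
    return sql_escape_stand_in($value);
}

// Hardened output helper for HTML text and attribute contexts. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE returns U+FFFD for bad UTF-8 instead of ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Renders one product row either the vulnerable way (raw interpolation, as the
// backend dashboard effectively does) or with output encoding applied.
function render_product_row(array $row, bool $encode): string
{
    $name = $encode ? h($row['product_name']) : $row['product_name'];
    $desc = $encode ? h($row['description']) : $row['description'];
    return "<tr><td>{$name}</td><td>{$desc}</td></tr>";
}

// Constructed sample input in the shape a seller-controlled update would submit;
// the payload text is the one quoted in the advisory.
$submitted = [
    'product_name' => "<script>alert('XSS_ADMIN_TAKEOVER')</script>",
    'description'  => 'A "quoted" description',
];

// What the SQL-only step produces: quotes gain a backslash, tags are untouched.
$escaped = array_map('get_safe_value_sql_only', $submitted);
echo "After SQL-only escaping: {$escaped['product_name']}" . PHP_EOL;

// Rendering the stored (original) value: raw echo executes it, encoded echo shows it.
echo "Vulnerable render: " . render_product_row($submitted, false) . PHP_EOL;
echo "Hardened render:   " . render_product_row($submitted, true) . PHP_EOL;
```

The hardened line prints the tags as `&lt;script&gt;...&lt;/script&gt;`, which a browser displays as literal text instead of executing. The two escaping steps are not alternatives: keep the SQL escaping (or, better, prepared statements) on the way into the database and apply `h()` on every untrusted value on the way out, in each template that shows product data, including the admin product list and approval pages the advisory names.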