CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2025-9237

Source VulDB

Published Aug 20, 2025 at 17:32

Affected Product

Vendor CodeAstro

Product Ecommerce Website

Version 1.0

Affected Versions CodeAstro Ecommerce Website 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.",
    "published": "2025-08-20T17:32:08.708Z",
    "modified": "2025-08-20T17:32:08.708Z",
    "type": "cve",
    "title": "CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.320770\nhttps://vuldb.com/?ctiid.320770\nhttps://vuldb.com/?submit.631136\nhttps://gist.github.com/0xSebin/bb6781e5977bda36610fda20861a5bbe\nhttps://gist.github.com/0xSebin/bb6781e5977bda36610fda20861a5bbe#steps-to-reproduce\nhttps://codeastro.com/",
    "id": "CVE-2025-9237",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "CodeAstro Ecommerce Website 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ecommerce Website",
    "version": "1.0",
    "vendor": "CodeAstro",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting_CVE-2025-9237