CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

June 17, 2025

CVE ID : CVE-2025-40674

Published : June 17, 2025, 9:15 a.m. | 1 hour, 10 minutes ago

Description : Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleDavMail is a POP/IMAP/SMTP/Caldav/Carddav/LDAP exchange gateway

Next Article CVE-2025-6173 – Webkul QloApps SQL Injection

Highlights

CVE-2025-43858 – YouTubeDLSharp Windows Command Injection Vulnerability

April 24, 2025

CVE ID : CVE-2025-43858

Published : April 24, 2025, 6:15 p.m. | 45 minutes ago

Description : YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.

Severity: 9.2 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Managing the growing risk profile of agentic AI and MCP in the enterprise

How To Prevent WordPress SQL Injection Attacks

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

Windows Hello face unlock no longer works in the dark, and Microsoft says it’s not a bug

Community News: Latest PECL Releases (06.17.2025)

Community News: Latest PECL Releases (06.17.2025)

Stream-Omni: Simultaneous Multimodal Interactions with Large Language-Vision-Speech Model

How Inclusive Design Leading and Creating Solutions for Universal Design

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Funny Windows 11 bug brings back classic Windows boot sound from 20 years ago

Windows 11 news and updates in June: Microsoft’s AI agent in Settings makes adjusting your PC easier than ever

uBlock Origin ships to Edge for Android as Google kills it on Chrome

CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

CVE-2025-3853 – WordPress WPshop E-Commerce Plugin Insecure Direct Object Reference Vulnerability

CVE-2025-48844 – QNAP NAS Denial of Service

Gourmand Recipe Manager

CVE-2025-4139 – Netgear EX6120 Remote Buffer Overflow Vulnerability

CVE-2025-43858 – YouTubeDLSharp Windows Command Injection Vulnerability

CVE-2024-56523 – Radware Cloud Web Application Firewall (WAF) HTTP Request Smuggling

CVE-2025-43546 – Oracle Bridge Integer Underflow Vulnerability

CVE-2025-1254 – RTI Connext Professional Core Libraries Out-of-bounds Read/Write Vulnerability

CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

Related Posts