CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

June 17, 2025

CVE ID : CVE-2025-40674

Published : June 17, 2025, 9:15 a.m. | 1 hour, 10 minutes ago

Description : Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleDavMail is a POP/IMAP/SMTP/Caldav/Carddav/LDAP exchange gateway

Next Article CVE-2025-6173 – Webkul QloApps SQL Injection

Highlights

CVE-2025-55582 – D-Link DCS-825L Persistent Privilege Escalation and Arbitrary Code Execution

August 27, 2025

CVE ID : CVE-2025-55582

Published : Aug. 27, 2025, 8:15 p.m. | 5 hours, 29 minutes ago

Description : D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Stop Scrolling: Kinetic Typography Is Redefining UX

CVE-2024-53636 – Serosoft Academia Student Information System (SIS) EagleR File Upload Code Execution Vulnerability

Xbox hints that Xbox Cloud Gaming will become “more affordable” soon, across more regions, with comments on ‘Xbox Next Gen’ in tow

CVE-2025-2305 – Apache Linux Path Traversal Vulnerability

CVE-2025-55582 – D-Link DCS-825L Persistent Privilege Escalation and Arbitrary Code Execution

Supercharge your development with Claude Code and Amazon Bedrock prompt caching

CVE-2025-23394 – openSUSE cyrus-imapd Symbolic Link Escalation to Root

Call of Duty Warzone Season 5 — Nukes a Stadium, Adds a Hijack Event, and Still Thinks You’ll Survive

CVE-2025-40674 – osCommerce Reflected Cross-Site Scripting (XSS)

Related Posts