- Description
- Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
- Source
- cve-coordination@incibe.es
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- cve-coordination@incibe.es
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2025-1776 🟠 MEDIUM (6.1) 🏢 Soteshop - Soteshop 🏗️ 0 🔗 https://t.co/uGKErDfUcH #CyberCron #VulnAlert https://t.co/MmFIJaBY56
@cybercronai
28 Feb 2025
⚠️#INCIBEaviso | Cross-Site Scripting (XSS) vulnerability in #Soteshop #CVE CVE-2025-1776 https://t.co/V4Pnnir9SC #AvisosDeSeguridad #CNA #TI #0day https://t.co/pyOQGIT6Vx
@incibe_cert
28 Feb 2025