CVE-2025-3297

CWE-79Cross-site Scripting (XSS)CWE-94Code InjectionCWE-416Use After Free5 documents4 sources
Severity
5.1MEDIUM
EPSS
0.2%
top 57.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sourcecodester Online Eyewear ShopOretnom23 Online Eyewear Shop
Timeline
PublishedApr 5
Latest updateApr 7

Description

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-xp37-x766-f7v4: A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 12025-04-07
CVEList
SourceCodester Online Eyewear Shop Master.php cross site scripting2025-04-05

📋Vendor Advisories

2
Microsoft
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice2023-09-12
Microsoft
Use After Free in vim/vim2022-09-13
CVE-2025-3297 (MEDIUM CVSS 5.1) | A vulnerability | cvebase.io