CVE-2025-52074

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.0%

top 89.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Shopping Portal

Timeline

PublishedSep 12

Description

PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDphpgurukul/online_shopping_portal2.1

🔴Vulnerability Details

GHSA

GHSA-q8fj-hwp7-xhq3: PHPGURUKUL Online Shopping Portal 2↗2025-09-12

▶

CVEList

CVE-2025-52074: PHPGURUKUL Online Shopping Portal 2↗2025-09-12

▶