CVE-2025-13002 HIGH

CVE-2025-13002: XSS in Farktor Software's E-Commerce Package

Vendor Farktor Software E-Commerce Services Inc.
Product E-Commerce Package
Weakness CWE-79 · XSS
Published February 12, 2026
Last update June 4, 2026
View on NVD All CVEs

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS). This issue affects E-Commerce Package: through 27112025.

Key dates

02Disclosure timeline

February 12, 2026 CVE published
June 4, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-4592 Improper Neutralization of Input During Web Page Generation in WPN-XM Serverstack CVE-2025-36248 IBM Copy Services Manager cross-site scripting CVE-2025-11872 Material Design Iconic Font Integration <= 2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-47092 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-24403 WordPress bbPress Voting Plugin <= 2.1.11.0 is vulnerable to Cross-Site Scripting (XSS)