CVE-2025-8411 HIGH

CVE-2025-8411: XSS in Dokuzsoft Technology's E-Commerce Web Design Product

Vendor Dokuzsoft Technology
Product E-Commerce Web Design Product
Weakness CWE-79 · XSS
Published September 17, 2025
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology E-Commerce Web Design Product allows XSS Through HTTP Headers. This issue affects E-Commerce Web Design Product: before 11.08.2025.

Key dates

02Disclosure timeline

September 17, 2025 CVE published
June 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-21610 Trix allows Cross-site Scripting via `javascript:` url in a link CVE-2023-48554 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-53679 Apache VCL: XSS vulnerability in User Lookup impacting user privileges CVE-2025-48112 WordPress Dot html,php,xml etc pages plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-25082 WordPress flexIDX Home Search plugin <= 2.1.2 - Stored Cross Site Scripting (XSS) vulnerability