CVE-2025-9237 MEDIUM

CVE-2025-9237: CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting

Vendor Codeastro

Product Ecommerce Website

Weakness CWE-79 · XSS

Published August 20, 2025

Last update August 20, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

August 20, 2025 CVE published

August 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9237 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2025-9237: CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting

01Description

02Disclosure timeline

03References

04Related CVE