CVE-2025-1776
EUVD-2025-595528.02.2025, 14:15
Cross-Site Scripting (XSS) vulnerability in Soteshop, versions prior to 8.3.4, which could allow remote attackers to execute arbitrary code via the ‘query’ parameter in /app-google-custom-search/searchResults. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Awaiting analysis
This vulnerability is currently awaiting analysis.