Cross-Site Scripting Vulnerability in Shopside Software's Shopside App
CVE-2025-0879

4.7MEDIUM

Key Information:

Vendor: Shopside Software
Status: Shopside App
Vendor: CVE Published:; 17 September 2025

🔔 Create Shopside Software Vulnerability Alert

What is CVE-2025-0879?

A Cross-Site Scripting (XSS) vulnerability exists in Shopside Software's Shopside App, allowing attackers to inject malicious scripts into web pages. This flaw can be exploited by users with high privileges, facilitating unauthorized access and data manipulation before version 17.02.2025. It is crucial for users and administrators to apply necessary security measures and platform updates to safeguard against potential exploits.

Affected Version(s)

Shopside App 0 < 17.02.2025

References

https://www.usom.gov.tr/bildirim/tr-25-0270

third-party-advisory

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jan 30, 2025

Credit

Berat Arslan