Cross-Site Scripting Vulnerability in Farktor E-Commerce Package
CVE-2025-13002

8.2HIGH

Key Information:

Vendor: Farktor Software E-commerce Services Inc.
Status: E-commerce Package
Vendor: CVE Published:; 12 February 2026

🔔 Create Farktor Software E-commerce Services Inc. Vulnerability Alert

What is CVE-2025-13002?

The Farktor E-Commerce Package is susceptible to Cross-Site Scripting (XSS) attacks due to improper input handling during web page generation. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft. It is essential for users of the E-Commerce Package to implement appropriate security measures to mitigate this risk before the specified versions reach their end-of-life.

Affected Version(s)

E-Commerce Package 0 <= 27112025

References

https://www.usom.gov.tr/bildirim/tr-26-0063

third-party-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2026
Vulnerability Reserved
Nov 11, 2025

Credit

Berat ARSLAN

CVE-2025-13002 Data

JSON