Cross-Site Scripting Vulnerability in Bdtask Isshue Multi Store eCommerce Solution
CVE-2025-13186

4.8MEDIUM

Key Information:

Vendor: Bdtask
Status: Isshue Multi Store Ecommerce Shopping Cart Solution
Vendor: CVE Published:; 14 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-13186?

A vulnerability has been identified in the Bdtask Isshue Multi Store eCommerce Shopping Cart Solution, specifically affecting the management of customer data through the /dashboard/Ccustomer/manage_customer endpoint. The flaw allows for cross-site scripting (XSS) via improper handling of the argument 'Search'. This enables malicious actors to conduct remote attacks by injecting scripts, potentially compromising user data and security. Disclosures to the vendor have gone unanswered, raising concerns about the exploitation of this weakness, which is now publicly known.

Affected Version(s)

Isshue Multi Store eCommerce Shopping Cart Solution 4.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-13186 - Proof of Concept