Cross Site Scripting Vulnerability in winston-dsouza Ecommerce-Website Component
CVE-2025-13793

5.3MEDIUM

Key Information:

Vendor: Winston-dsouza
Status: Ecommerce-website
Vendor: CVE Published:; 30 November 2025

🔔 Create Winston-dsouza Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-13793?

A vulnerability has been detected in the winston-dsouza Ecommerce-Website related to the GET Parameter Handler within the /includes/header_menu.php file. This flaw allows for cross site scripting (XSS), which can be exploited remotely by manipulating the Error argument. With public exploits available, this poses a significant security concern, especially as affected versions include up to 87734c043269baac0b4cfe9664784462138b1b2e. The vendor has not provided a timeline for patching this issue.

Affected Version(s)

Ecommerce-Website 87734c043269baac0b4cfe9664784462138b1b2e

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-13793 - Proof of Concept