CVE-2025-63883 — MEDIUM (5.4)

Vulnerability Description

A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived from the URL or page fragment) and inserts it into the DOM via unsafe sinks (innerHTML/insertAdjacentHTML/document.write) without proper sanitization or context-aware encoding. An attacker can craft a malicious URL that, when opened by a victim, causes arbitrary JavaScript to execute in the victim's browser under the electic-shop origin.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Bhabishya-123	E-Commerce	1.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/minhajultaivin/security-advisories/blob/main/CVE-2025-63883.mThird Party AdvisoryExploit

FAQ

What is CVE-2025-63883?

CVE-2025-63883 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A DOM-based cross-site scripting vulnerability exists in electic-shop v1.0 (Bhabishya-123/E-commerce). The site's client-side JavaScript reads attacker-controlled input (for example, values derived fr...

How severe is CVE-2025-63883?

CVE-2025-63883 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-63883?

Check the references section above for vendor advisories and patch information. Affected products include: Bhabishya-123 E-Commerce.