Vulnerability Information Vulnerability ID: VDB-333791, CVE-2025-13793, EUVD-2025-199937 Vulnerability Type: Cross Site Scripting (XSS) Product: Winston-Dsouza Ecommerce-Website Affected Versions: Up to 87734c043269baac0b4cfe9664784462138b1b2e Summary A problematic vulnerability has been detected in the /includes/header_menu.php file of the component GET Parameter Handler. The manipulation of the argument leads to cross site scripting. The vulnerability is uniquely identified as CVE-2025-13793. The attack is possible to be carried out remotely, and an exploit is present. The vendor was contacted early about this disclosure but did not respond. Details Vulnerability Found In: Winston-Dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e Component Affected: /includes/header_menu.php (GET Parameter Handler) Exploit Type: CWE-79 (Cross Site Scripting) Exploit Ease: The exploitation is known to be easy. Attack Vector: The attack may be initiated remotely without authentication. Advisory: Shared at github.com