What is CVE-2025-47289?

CVE-2025-47289 is a medium-severity vulnerability in Ce-phoenixcart Phoenixcart, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 6.3/10. Published 2025-06-02.

How severe is CVE-2025-47289?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2025-47289 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ce-phoenixcart Phoenixcart

CVE-2025-47289

CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial de…

EPSS: 0.001 (32.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.

Affected products

Ce-phoenixcart Phoenixcart — versions >= 1.0.9.7, < 1.1.0.3

Weakness classification (CWE)

CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag

Public proof-of-concept exploits

References

https://github.com/CE-PhoenixCart/PhoenixCart/security/advisories/GHSA-98qq-m8qj-vvgj (x_refsource_CONFIRM)
https://drive.google.com/file/d/1uQAEjewSL9jWWu1UHe47tAnM7U4_x39g/view?usp=drive_link (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-47289?: CVE-2025-47289 is a medium-severity vulnerability in Ce-phoenixcart Phoenixcart, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 6.3/10. Published 2025-06-02.
How severe is CVE-2025-47289?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2025-47289 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.