What is CVE-2025-59411?

CVE-2025-59411 is a medium-severity vulnerability in Cubecart V6, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2025-09-22.

How severe is CVE-2025-59411?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2025-59411 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Cubecart V6

CVE-2025-59411

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin re…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.

Affected products

Cubecart V6 — versions < 6.5.11

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

https://github.com/cubecart/v6/security/advisories/GHSA-5hg3-m3q3-v2p4 (x_refsource_CONFIRM)
https://github.com/cubecart/v6/commit/299065bd4a8836782ce92f70988c730f130756db (x_refsource_MISC)
https://github.com/cubecart/v6/commit/48336c54532705873a8c4106208c2d596f128047 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-59411?: CVE-2025-59411 is a medium-severity vulnerability in Cubecart V6, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2025-09-22.
How severe is CVE-2025-59411?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2025-59411 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.