CVE-2025-40701
Reflected Cross-Site scripting (XSS) in SOTE's SOTESHOP
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parameter in '/adsTracker/checkAds' is sent to the victim. The vulnerability can be exploited to steal sensitive user information such as session cookies, or to perform actions on their behalf.
| CWE | CWE-79 |
| Vendor | sote |
| Product | soteshop |
| Published | Feb 23, 2026 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for sote soteshop
Be the first to know when new unknown vulnerabilities affecting sote soteshop are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
SOTE / SOTESHOP
8.3.4
References
Credits
Gonzalo Aguilar GarcΓa (6h4ack)