CVE-2025-13002 PUBLISHED

XSS in Farktor Software's E-Commerce Package

Assigner: TR-CERT
Reserved: 11.11.2025 Published: 12.02.2026 Updated: 12.02.2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS).This issue affects E-Commerce Package: through 27112025.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS Score: 8.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Farktor Software E-Commerce Services Inc.
Product	E-Commerce Package
Versions	Default: unaffected affected from 0 to 27112025 (incl.)

Credits

Berat ARSLAN finder

References

https://www.usom.gov.tr/bildirim/tr-26-0063

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)