2025-10-16 08:00:39
INCIBE
PUBLISHED
Stored Cross-Site Scripting (XSS) in Sergestecs Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the obs parameter in /admin/index.php?action=product_update. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.