# Exploit Title: Wisenshop - Stored XSS
# Exploit Author: CraCkEr
# Date: 11-10-2025
# Author of Script: Wisencode Infotech
# Vendor: Wisencode Infotech
# Vendor Homepage: https://www.codester.com/items/53007/wisenshop-ecommerce-store-script
# Software Link: https://default-theme.wisenshop.com/
# Demo Link: https://default-theme.wisenshop.com/
# Tested on: Windows 11 Pro
# Impact: Manipulate the content of the site
# CWE: CWE-79 - CWE-94 - CWE-74
# VDB: VDB-329935
# CVE: CVE-2025-12264

## Description

An attacker can send the victim a link containing a malicious URL in an email or instant message and can perform a wide variety of actions, such as stealing the victim's session token or login credentials.

## Steps to Reproduce the Stored XSS Vulnerability:

1. Register on the target website as a standard user.
2. Log in using your newly created credentials.
3. Navigate to the Profile page: https://default-theme.wisenshop.com/profile
4. Click on "Create a Support Ticket" to access the ticket submission form: https://default-theme.wisenshop.com/support-ticket/create
5. Fill in arbitrary values for Email and Subject, and inject a malicious XSS payload into the Message field.
6. Submit the support ticket.
7. Log in as an admin and navigate to the Support Tickets section in the backend panel: https://default-theme.wisenshop.com/backend/tickets
8. Upon viewing the submitted ticket, the XSS payload executes in the admin’s browser.

[-] Done
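
The flow in steps 5 to 8 is closed by encoding the ticket fields at the point where the backend panel renders them. The following is an added example, not code from Wisenshop or from the advisory author: the function names, the ticket fields and the sample ticket are assumptions constructed for illustration, since the page does not show the application's templates.

```javascript
// Added example: rendering a stored support ticket in an admin view.
// All names here are hypothetical; Wisenshop's real templates are not on the page.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored user input is concatenated into markup as-is.
function renderTicketUnsafe(ticket) {
  return `<div class="ticket"><h3>${ticket.subject}</h3>` +
         `<p class="from">${ticket.email}</p>` +
         `<div class="message">${ticket.message}</div></div>`;
}

// Hardened pattern: every user-controlled field is encoded at output time.
function renderTicketSafe(ticket) {
  return `<div class="ticket"><h3>${escapeHtml(ticket.subject)}</h3>` +
         `<p class="from">${escapeHtml(ticket.email)}</p>` +
         `<div class="message">${escapeHtml(ticket.message)}</div></div>`;
}

// Regression check: list any tag in the output that the template itself does not emit.
const TEMPLATE_TAGS = new Set(['div', 'h3', 'p']);
function unexpectedTags(html) {
  const found = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
  return found.filter((tag) => !TEMPLATE_TAGS.has(tag));
}

// Constructed sample ticket with a harmless marker in the Message field.
const SAMPLE_TICKET = {
  email: 'user@example.test',
  subject: 'Order "42" & refund',
  message: '<script>alert(1)</script>',
};

console.log('unsafe:', unexpectedTags(renderTicketUnsafe(SAMPLE_TICKET)));
console.log('safe:  ', unexpectedTags(renderTicketSafe(SAMPLE_TICKET)));
```

A restrictive Content-Security-Policy on the backend panel is a useful second layer, but encoding at output is what removes the bug class.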