CVE-2025-9103 | ZenCart 2.1.0 CKEditor cross site scripting

A vulnerability was found in ZenCart 2.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting.

This vulnerability is known as CVE-2025-9103. The attack can be launched remotely. Furthermore, there is an exploit available.

The real existence of this vulnerability is still doubted at the moment.

The vendor declares this as “intended behavior, allowed for authorized administrators”.VulDB Recent EntriesRead More