CVE-2025-0421 - Vulnerability Details - OpenCVE

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Shopside	Shopside

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0402

History

Mon, 24 Nov 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Shopside Shopside shopside
Vendors & Products		Shopside Shopside shopside

Wed, 19 Nov 2025 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 19 Nov 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025.
Title		iFrame Injection in Mikrogrup's Shopside
Weaknesses		CWE-1021
References		https://www.usom.gov.tr/bildirim/tr-25-0402
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-11-19T13:28:36.779Z

Updated: 2025-11-19T14:27:51.882Z

Reserved: 2025-01-13T14:21:30.754Z

Link: CVE-2025-0421

Vulnrichment

Updated: 2025-11-19T14:20:07.660Z

NVD

Status : Awaiting Analysis

Published: 2025-11-19T14:15:57.943

Modified: 2025-11-19T19:14:59.327

Link: CVE-2025-0421

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0421", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-01-13T14:21:30.754Z", "datePublished": "2025-11-19T13:28:36.779Z", "dateUpdated": "2025-11-19T14:27:51.882Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Shopside", "vendor": "Shopside Software Technologies Inc.", "versions": [{"lessThanOrEqual": "05022025", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "datePublic": "2025-11-19T13:24:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.<p>This issue affects Shopside: through 05022025.</p>"}], "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025."}], "impacts": [{"capecId": "CAPEC-222", "descriptions": [{"lang": "en", "value": "CAPEC-222 iFrame Overlay"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-11-19T13:28:36.779Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0402"}], "source": {"advisory": "TR-25-0402", "defect": ["TR-25-0402"], "discovery": "UNKNOWN"}, "title": "iFrame Injection in Mikrogrup's Shopside", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-19T14:06:33.495330Z", "id": "CVE-2025-0421", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-19T14:27:51.882Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-19T14:06:33.495330Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-19T14:20:07.660Z"}}], "cna": {"title": "iFrame Injection in Mikrogrup's Shopside", "source": {"defect": ["TR-25-0402"], "advisory": "TR-25-0402", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Berat ARSLAN"}], "impacts": [{"capecId": "CAPEC-222", "descriptions": [{"lang": "en", "value": "CAPEC-222 iFrame Overlay"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Shopside Software Technologies Inc.", "product": "Shopside", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "05022025"}], "defaultStatus": "unaffected"}], "datePublic": "2025-11-19T13:24:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0402"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025.", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.<p>This issue affects Shopside: through 05022025.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-11-19T13:28:36.779Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0421", "state": "PUBLISHED", "dateUpdated": "2025-11-19T14:27:51.882Z", "dateReserved": "2025-01-13T14:21:30.754Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-11-19T13:28:36.779Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}