newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the โView Recipient Informationโ of this order in โOrder Management Officeโ.