35 matches found
EUVD-2025-1646
Malicious code in bioql PyPI...
EUVD-2025-1647
Malicious code in bioql PyPI...
CVE-2025-0399
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload...
CVE-2025-2352
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may...
CVE-2025-2352 StarSea99 starsea-mall Backend save cross site scripting
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may...
CVE-2025-2352
The CVE-2025-2352 entry concerns StarSea99 starsea-mall 1.0 Backend, specifically a cross-site scripting flaw in /admin/indexConfigs/save via the categoryName parameter. The vulnerability is exploitable remotely, with the exploit disclosed publicly. Public details indicate unknown/untested impact...
CVE-2025-2352 StarSea99 starsea-mall Backend save cross site scripting
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may...
starsea-mall code injection vulnerability
starsea-mall is a Spring Boot + Thymeleaf based Xiaomi mall management system by the individual developer StarSea99. A code injection vulnerability exists in starsea-mall version 1.0, which originates from cross-site scripting and may lead to remote attacks...
CVE-2025-2086
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-2087
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The explo...
CVE-2025-2085
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-2089
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...
CVE-2025-2089 StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...
CVE-2025-2086
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-2087 StarSea99 starsea-mall update cross site scripting
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The explo...
CVE-2025-2086 StarSea99 starsea-mall update cross site scripting
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-2086
CVE-2025-2086 affects StarSea99 starsea-mall 1.0. The vulnerability resides in an unknown code path under /admin/indexConfigs/update, where manipulating the redirectUrl parameter yields cross-site scripting. The issue can be triggered remotely and the exploit has been disclosed publicly. Documents c...
CVE-2025-2085
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...