69 matches found
Cross-Site Scripting (XSS)
com.xnx3.wangmarket, wangmarket is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the variableList function of /admin/system/variableList.do, which allows a remote attacker to manipulate the Description parameter and inject malicious scripts that...
CVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...
CVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15452 xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...
CVE-2025-15452 xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched...
CVE-2025-15452
CVE-2025-15452 affects xnx3 wangmarket up to version 4.9, targeting the Backend Variable Search component: the function variableList.do’s Description parameter can be manipulated to trigger Cross-Site Scripting (XSS). The issue is exploitable remotely, with public PoCs available. Multiple sources...
CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...
CVE-2025-15451
The CVE-2025-15451 affects xnx3 wangmarket up to v4.9, specifically the /admin/system/variableSave.do functionality where manipulating the Description parameter triggers cross-site scripting. Public exploit exists; attack may be remotely initiated; vendor did not respond to disclosure. Connected ...
wangmarket 代码注入漏洞
wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...
wangmarket 代码注入漏洞
wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from the incorrect operation of the parameter Description in the function variableList in the fil...
PT-2026-1205
Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions prior to 4.9 Description A weakness exists in xnx3 wangmarket that may allow for cross site scripting. The issue affects the variableList function within the /admin/system/variableList.do file of the Backend Variable...
PT-2026-1204
Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 4.9 Description A security flaw exists in xnx3 wangmarket up to version 4.9, specifically within the System Variables Page functionality located at the '/admin/system/variableSave.do' file. Manipulation of the...
CVE-2025-15416
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The...
CVE-2025-15415
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...
CVE-2025-15416
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The...