8 matches found
EUVD-2023-40299
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
CVE-2025-65540
Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
CVE-2025-65540
Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
CVE-2025-65540
The CVE-2025-65540 entry concerns XMall (xmall) v1.1 with multiple XSS vulnerabilities caused by improper handling of user-supplied data. User inputs (e.g., username, description) are rendered into HTML without proper sanitization or encoding, enabling script injection. Public references across N...
XMall 安全漏洞
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper handling of user input and could lead to cross-site scripting attacks...
CVE-2025-45612
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index...
XMall 安全漏洞
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper /index access control and could lead to bypassing authentication...
CVE-2024-24112
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter...