8 matches found
EUVD-2023-40299
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...
CVE-2025-65540
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
XMall Security Vulnerability
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper handling of user input and could lead to cross-site scripting attacks...
CVE-2025-65540
The CVE-2025-65540 entry concerns XMall (xmall) v1.1 with multiple XSS vulnerabilities caused by improper handling of user-supplied data. User inputs (e.g., username, description) are rendered into HTML without proper sanitization or encoding, enabling script injection. Public references across N...
CVE-2025-65540
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...
XMall Security Vulnerability
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper /index access control and could lead to bypassing authentication...
CVE-2025-45612
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index...
CVE-2024-24112
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter...