2 matches found
CVE-2022-27476
A cross-site scripting XSS vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter...
CVE-2022-27476
CVE-2022-27476 concerns a cross-site scripting (XSS) vulnerability in Newbee-Mall v1.0.0. The issue manifests at the /admin/goods/update endpoint, where an attacker can inject a crafted payload into the goodsName parameter to execute arbitrary web scripts or HTML in the victim’s browser. The root...