CVE-2025-8222

A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The...

CVE-2025-8222

CVE-2025-8222 affects jerryshensjf JPACookieShop 蛋糕商城JPA版 up to commit 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. The vulnerable component is GoodsController.java, with a cross-site scripting issue that can be triggered remotely and impacts multiple endpoints. Public exploit details exist. Public ...

CVE-2025-7939 jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java addGoods unrestricted upload

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely...

CVE-2025-7938 jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization

A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to th...

CVE-2025-0405

CVE-2025-0405 affects liujianview gymxmjpa 1.0. The vulnerability lies in GoodsDaoImpl within GoodsController.java, where manipulation of the goodsName parameter leads to an SQL injection. The issue can be exploited remotely and has had exploits disclosed publicly. Multiple connected sources (Red...

CVE-2025-0405 liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection

A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be...

CVE-2025-0405 liujianview gymxmjpa GoodsController.java GoodsDaoImpl sql injection

A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be...

gymxmjpa 安全漏洞

gymxmjpa is a gym management system for liujianview individual developers. A security vulnerability exists in gymxmjpa version 1.0, which originates from an SQL injection in the foodsName parameter of the GoodsDaoImpl function in the...

CVE-2021-43689

manage last update Oct 24, 2017 is affected by a Cross Site Scripting XSS vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $POST...

Cross site scripting

manage last update Oct 24, 2017 is affected by a Cross Site Scripting XSS vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $POST...

CVE-2021-43689

The CVE-2021-43689 entry concerns the manage application (ThinkPHP-based) with a Cross Site Scripting (XSS) flaw in Application/Home/Controller/GoodsController.class.php. The vulnerability arises because the exit function terminates the script and prints a message that includes values from $_POST...