Lucene search
+L

126 matches found

Cvelist
Cvelist
added 2025/03/02 2:31 p.m.31 views

CVE-2025-1817 Mini-Tmall Admin Name admin cross site scripting

A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

4.8CVSS0.00335EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/02 2:31 p.m.7 views

CVE-2025-1817 Mini-Tmall Admin Name admin cross site scripting

A vulnerability classified as problematic was found in Mini-Tmall up to 20250211. This vulnerability affects unknown code of the file /admin of the component Admin Name Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...

4.8CVSS3.6AI score0.00335EPSS
Exploits1References4
CVE
CVE
added 2025/03/02 2:31 p.m.57 views

CVE-2025-1817

CVE-2025-1817 affects Mini-Tmall up to 20250211, involving the /admin path of the Admin Name Handler. The issue is described as a cross-site scripting (XSS) vulnerability that can be triggered remotely and for which the exploit has been disclosed publicly. The available reports do not specify the...

5.4CVSS3.5AI score0.00335EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/03/02 12:0 a.m.4 views

Mini-Tmall 跨站脚本漏洞

Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform . Used to build an e-commerce platform to provide commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...

5.4CVSS4AI score0.00335EPSS
Exploits1References6
OSV
OSV
added 2024/09/08 3:15 a.m.4 views

CVE-2024-8568

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...

9.8CVSS5.6AI score0.00493EPSS
Exploits0References4
NVD
NVD
added 2024/09/08 3:15 a.m.16 views

CVE-2024-8568

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...

9.8CVSS0.00493EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/09/08 2:31 a.m.27 views

CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS0.00493EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/08 2:31 a.m.14 views

CVE-2024-8568 Mini-Tmall 1 rewardMapper.select sql injection

A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to sql injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS7.2AI score0.00493EPSS
Exploits0References4
CVE
CVE
added 2024/09/08 2:31 a.m.87 views

CVE-2024-8568

Mini-Tmall is affected by a SQL injection in the function RewardMapper.select inside tmall/admin/order/1/1, triggered by manipulating the orderBy argument. Affected versions are up to 20240901. Exploitation is remote and has been disclosed publicly; vendor contact occurred with no evident respons...

9.8CVSS7AI score0.00493EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/09/08 12:0 a.m.5 views

Tmall_demo SQL注入漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A SQL injection vulnerability exists in Tmalldemo 20240901 and earlier versions, which stems from the improper handling of the orderBy parameter in the orderMapper.select function in the tmall/admin/order/1/1 file...

9.8CVSS7AI score0.00493EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.4 views

PT-2024-39105 · Unknown · Mini-Tmall

Name of the Vulnerable Software and Affected Versions: Mini-Tmall versions up to 20240901 Description: A critical issue was found in the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argument orderBy leads to SQL injection. It is possible to launch the...

9.8CVSS7.1AI score0.00493EPSS
Exploits0References10
CNVD
CNVD
added 2024/07/19 12:0 a.m.8 views

Mini-Tmall SQL Injection Vulnerability

Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

7.3CVSS7.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2024/07/15 4:15 p.m.3 views

CVE-2024-40554

An access control issue in Tmalldemo v2024.07.03 allows attackers to obtain sensitive information...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2024/07/15 4:15 p.m.4 views

CVE-2024-40560

Tmalldemo before v2024.07.03 was discovered to contain a SQL injection vulnerability...

7.3CVSS5.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2024/07/15 4:15 p.m.3 views

CVE-2024-40555

Tmalldemo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability...

5.3CVSS5.9AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2024/07/15 4:15 p.m.5 views

CVE-2024-40553

Tmalldemo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage...

4.9CVSS5.8AI score0.00338EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.4 views

Mini-Tmall Security Breach

Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can obtain sensitive information by exploiting the vulnerability...

7.5CVSS6.5AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.5 views

PT-2024-28919 · Unknown · Tmall Demo

Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue is related to an access control problem, which enables attackers to gain access to sensitive information. Recommendations: For Tmall demo version 2024.07.03, at the moment, there is no...

7.5CVSS6.3AI score0.00369EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.5 views

Mini-Tmall 安全漏洞

Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

7.3CVSS8.1AI score0.00257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.5 views

PT-2024-28920 · Unknown · Tmall Demo

Name of the Vulnerable Software and Affected Versions: Tmall demo version 2024.07.03 Description: The issue allows for an arbitrary file upload, which could potentially lead to unauthorized access or malicious activity. Recommendations: For version 2024.07.03, at the moment, there is no informati...

5.3CVSS7AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder