14 matches found
CVE-2025-15452
CVE-2025-15452 affects xnx3 wangmarket up to version 4.9, targeting the Backend Variable Search component: the function variableList.do’s Description parameter can be manipulated to trigger Cross-Site Scripting (XSS). The issue is exploitable remotely, with public PoCs available. Multiple sources...
CVE-2025-15416
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The...
CVE-2025-15415
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...
PT-2026-1031
Name of the Vulnerable Software and Affected Versions xnx3 wangmarket versions up to 6.4 Description A flaw exists in the XML File Handler component of xnx3 wangmarket. Specifically, the uploadImage function within the /sits/uploadImage.do file allows for unrestricted file uploads through...
EUVD-2025-4296
Malicious code in bioql PyPI...
CVE-2025-25769
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /controller/UserController.java...
CVE-2025-25770
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /agency/AgencyUserController.java...
CVE-2025-25770
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /agency/AgencyUserController.java...
CVE-2025-25770
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /agency/AgencyUserController.java...
CVE-2025-25770
CVE-2025-25770 affects Wangmarket versions v4.10–v5.0 and is described as a Cross-Site Request Forgery (CSRF) vulnerability exposed via the component /agency/AgencyUserController.java. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H with a base score of 6.8 (Medium). Impact i...
CVE-2025-25769
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /controller/UserController.java...
CVE-2025-25769
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery CSRF via the component /controller/UserController.java...
CVE-2025-25769
CVE-2025-25769 affects Wangmarket versions v4.10 to v5.0, with a Cross-Site Request Forgery (CSRF) vulnerability in the component /controller/UserController.java. The issue is described in multiple sources in the connected documents as CSRF affecting the specified versions. The CVSS metrics in th...
CVE-2023-6886
A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public...