52 matches found

Nuclei
added 19 hours ago | 37 views

Exrick XMall - SQL Injection

XMall v1.1 was discovered to contain a SQL injection vulnerability via the 'orderDir' parameter. id: CVE-2024-24112 info: name: Exrick XMall - SQL Injection author: DhiyaneshDk severity: critical description: | XMall v1.1 was discovered to contain a SQL injection vulnerability via the 'orderDir'...

CVSS 9.8 | AI score 7.3 | EPSS 0.81566
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/13 10:54 p.m. | 2 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

CVSS 8.2 | AI score 6.8 | EPSS 0.00065
Exploits: 1 | References: 1
OSV
added 2026/01/12 8:15 p.m. | 1 view

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/12 12:0 a.m. | 1 view

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

AI score 6.5 | EPSS 0.00065
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-2300

Name of the Vulnerable Software and Affected Versions xmall version 1.1 Description An issue exists in xmall version 1.1 related to access control. Specifically, the /member/orderList API endpoint allows unauthorized access to other users' order details. This is achieved by manipulating the userI...

CVSS 8.2 | AI score 6.6 | EPSS 0.00065
Exploits: 1 | References: 4
Cvelist
added 2026/01/12 12:0 a.m. | 18 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

EPSS 0.00065
Exploits: 1 | References: 1
CVE
added 2026/01/12 12:0 a.m. | 8 views

CVE-2023-36331

CVE-2023-36331 affects xmall v1.1. The /member/orderList API has improper access control that lets an attacker read other users’ order details by manipulating the userId query parameter. The CVSS 3.1 base score is 8.2 (NETWORK, LOW attack complexity, no privileges required, confidentiality impact...

CVSS 8.2 | AI score 6.5 | EPSS 0.00065
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/01/12 12:0 a.m. | 1 view

EUVD-2023-40299

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

CVSS 8.2 | AI score 6.3 | EPSS 0.00065
Exploits: 1 | References: 2
CNNVD
added 2026/01/12 12:0 a.m. | 2 views

xmall security vulnerability

XMall is a distributed e-commerce shopping mall based on SOA architecture by the individual developer of Exrick. A security vulnerability exists in version 1.1 of xmall, which stems from improper access control of the /member/orderList API, and could lead to an attacker accessing other users' ord...

CVSS 8.2 | AI score 6.6 | EPSS 0.00065
Exploits: 1 | References: 2
RedhatCVE
added 2025/12/09 12:11 a.m. | 2 views

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

CVSS 6.1 | AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 1
EUVD
added 2025/11/29 6:30 a.m. | 2 views

EUVD-2025-199901

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

AI score 5.6 | EPSS 0.00033
Exploits: 1 | References: 2
OSV
added 2025/11/29 4:15 a.m. | 1 view

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1
NVD
added 2025/11/29 4:15 a.m. | 1 view

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

CVSS 6.1 | EPSS 0.00033
Exploits: 1 | References: 1
CNNVD
added 2025/11/29 12:0 a.m. | 3 views

XMall security vulnerability

XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall v1.1, which stems from improper handling of user input and could lead to cross-site scripting attacks...

CVSS 6.1 | AI score 6 | EPSS 0.00033
Exploits: 1 | References: 2
Vulnrichment
added 2025/11/29 12:0 a.m. | 1 view

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

AI score 5.7 | EPSS 0.00033
Exploits: 1 | References: 1
CVE
added 2025/11/29 12:0 a.m. | 7 views

CVE-2025-65540

The CVE-2025-65540 entry concerns XMall (xmall) v1.1 with multiple XSS vulnerabilities caused by improper handling of user-supplied data. User inputs (e.g., username, description) are rendered into HTML without proper sanitization or encoding, enabling script injection. Public references across N...

CVSS 6.1 | AI score 5.7 | EPSS 0.00033
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/29 12:0 a.m. | 2 views

PT-2025-48370

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 2
Cvelist
added 2025/11/29 12:0 a.m. | 4 views

CVE-2025-65540

Multiple Cross-Site Scripting XSS vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

EPSS 0.00033
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-11090

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.01176
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-13426

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00283
Exploits: 1 | References: 2