Xmall Security Vulnerabilities and Issues — Xmall CVE List

Lucene search

ExrickXmall

4 matches found

CVE•added 2025/04/15 7:16 p.m.•50 views

CVE-2025-28399

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.

9.8CVSS7.4AI score0.00244EPSS

CVE•added 2025/05/05 8:15 p.m.•43 views

CVE-2025-45612

Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

9.8CVSS6.8AI score0.0012EPSS

CVE•added 2022/04/07 7:15 p.m.•39 views

CVE-2021-43432

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.

6.1CVSS6AI score0.00292EPSS

CVE•added 2024/02/06 1:15 a.m.•36 views

CVE-2024-24112

xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

9.8CVSS9.7AI score0.81133EPSS