16 matches found
CVE-2024-11619
The CVE-2024-11619 issue affects macrozheng mall up to version 1.0.3, specifically the JWT Token Handler component. Root cause: use of a default cryptographic key, which can compromise confidentiality/integrity if exploited. Exploitation complexity is described as high and exploitation is difficu...
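Why a default JWT key is a forgery primitive, as an added illustration that is not code from the mall project: HS256 tokens are accepted when the HMAC over header.payload recomputed with the server's secret matches the signature, so anyone who can read the shipped default secret can mint a token with any claims. The secret string, claim names and the JWT_SECRET environment variable below are assumptions for the demo, not mall's actual values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: forging an HS256 JWT against a verifier that still uses a
// publicly known default secret, and the same token failing against a per-deployment secret.
public class DefaultJwtKeyDemo {

    // Assumption: a placeholder secret that shipped in the source tree and was never rotated.
    static final String DEFAULT_SECRET = "change-me-default-secret";

    static String b64url(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    static byte[] hmacSha256(String secret, String message) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Mints a compact HS256 JWT; the attacker runs this with the leaked default secret.
    static String mint(String secret, String subject, boolean admin) {
        String header = b64url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64url(("{\"sub\":\"" + subject + "\",\"admin\":" + admin + "}")
                .getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        return signingInput + "." + b64url(hmacSha256(secret, signingInput));
    }

    // Server-side check: recompute the MAC under `secret` and compare in constant time.
    static boolean verify(String secret, String token) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        byte[] expected = hmacSha256(secret, parts[0] + "." + parts[1]);
        byte[] actual = Base64.getUrlDecoder().decode(parts[2]);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        // Attacker never touched the server; the only input is the default secret from the repo.
        String forged = mint(DEFAULT_SECRET, "attacker", true);

        // Deployment that kept the default: the forged admin token verifies.
        System.out.println("default secret accepts forged token: " + verify(DEFAULT_SECRET, forged));

        // Deployment with a unique random secret (assumed to come from the environment,
        // with a demo fallback so this runs offline): the same token is rejected.
        String deploymentSecret = System.getenv().getOrDefault("JWT_SECRET", "demo-only-random-secret-0123456789abcdef");
        System.out.println("unique secret accepts forged token:  " + verify(deploymentSecret, forged));
    }
}
```

The check to run against a deployment is therefore not "is the JWT signed" but "was it signed with a key only this deployment knows": fail startup if the configured secret equals the shipped default, and rotate it on first boot rather than documenting that operators should.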
CVE-2025-8191
The CVE-2025-8191 entry concerns macrozheng mall (version ≤ 1.0.3): a Cross-Site Scripting (XSS) vulnerability in the bundled Swagger UI, reachable by manipulating the configUrl parameter of /swagger-ui/index.html. The root cause is an input handling flaw in the Swagger UI component that enables remote executio...
CVE-2025-8742
CVE-2025-8742 affects macrozheng mall 1.0.3, specifically the Admin Login component. The root cause is improper restriction of excessive authentication attempts, enabling remote exploitation. Documents note the attack requires high complexity and that exploitation is difficult, with vendor not re...
CVE-2025-13443
CVE-2025-13443 affects macrozheng mall up to version 1.0.3. The vulnerability lies in the /member/readHistory/delete function, where manipulation of the ids argument leads to improper access control and allows remote exploitation. The exploit is public. No remediation details are provided in the s...
CVE-2025-8741
CVE-2025-8741 concerns macrozheng mall up to version 1.0.3. The vulnerability affects an unknown functionality of the /admin/login URL and leads to cleartext transmission of sensitive information. It can be exploited remotely with high attack complexity and without user interaction. Exploit detai...
CVE-2025-8750
CVE-2025-8750 affects macrozheng mall
CVE-2025-8755
CVE-2025-8755 affects macrozheng mall up to 1.0.3, specifically the UmsMemberController.detail(orderId) function. Root cause is an authorization bypass caused by manipulation of the orderId parameter, enabling remote access without proper rights. Several connected sources (e.g., PT-2025-32440) de...
CVE-2025-9835
CVE-2025-9835 affects macrozheng mall up to version 1.0.3. The vulnerability resides in the cancelOrder function in /order/cancelUserOrder; manipulating the orderId parameter bypasses authorization, enabling a remote attack. Public disclosures/PoC appear in the connected sources, with CVSS estima...
CVE-2025-9514
CVE-2025-9514 affects macrozheng mall up to version 1.0.3, specifically the Registration component. The flaw is weak password requirements at registration, potentially enabling unauthorized remote access. Exploitation is described as highly complex with difficult exploitability. The provided d...
CVE-2026-25858
The CVE-2026-25858 issue affects macrozheng mall up to version 1.0.3 where the mall-portal password reset flow exposes the OTP in the API response and authenticates requests solely by the OTP tied to a telephone number. An unauthenticated attacker can reset arbitrary user passwords using only a k...
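The reset-flow finding above (CVE-2026-25858) together with the unrestricted-login-attempts finding (CVE-2025-8742) and the weak-password finding (CVE-2025-9514) describe three gaps in one credential flow. The following is an added illustration, not mall's code: an OTP reset that never echoes the code in the response, stores only a hash bound to the phone number with an expiry, caps verification attempts, and applies a password policy to the replacement password. The attempt limit, OTP lifetime, password rule, phone number and the sendSms placeholder are assumptions for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added example, not mall's code: OTP password reset with the leak closed,
// attempt limiting, expiry, single use and a password policy on the new password.
public class OtpResetDemo {

    static final int MAX_ATTEMPTS = 5;                  // assumption: lockout threshold
    static final Duration TTL = Duration.ofMinutes(5);  // assumption: OTP lifetime
    static final SecureRandom RNG = new SecureRandom();

    static final class Challenge {
        final byte[] otpHash;
        final Instant expires;
        int attempts;
        Challenge(byte[] otpHash, Instant expires) { this.otpHash = otpHash; this.expires = expires; }
    }

    static final Map<String, Challenge> PENDING = new HashMap<>();  // phone -> challenge (stand-in for Redis)
    static final Map<String, String> PASSWORDS = new HashMap<>();   // phone -> password hash (demo store)
    static String lastSmsForDemo;  // captured only so main() can finish the flow offline

    static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static String newOtp() { return String.format("%06d", RNG.nextInt(1_000_000)); }

    // Shape described in the advisory: the OTP comes back in the API response, so anyone
    // who can call the endpoint learns the code for any phone number.
    static String requestOtpVulnerable(String phone) {
        String otp = newOtp();
        PENDING.put(phone, new Challenge(sha256(otp), Instant.now().plus(TTL)));
        return otp;
    }

    // Hardened: only a hash is kept server-side, the code leaves via the SMS channel only,
    // and the API response carries nothing. sendSms is a placeholder for a real gateway.
    static void requestOtp(String phone) {
        String otp = newOtp();
        PENDING.put(phone, new Challenge(sha256(otp), Instant.now().plus(TTL)));
        sendSms(phone, otp);
    }

    static void sendSms(String phone, String body) { lastSmsForDemo = body; }

    // Assumption: at least 12 characters containing a letter and a digit. The registration
    // endpoint needs the same rule, which is the weak-password finding.
    static boolean passwordMeetsPolicy(String pw) {
        return pw.length() >= 12 && pw.matches(".*[A-Za-z].*") && pw.matches(".*\\d.*");
    }

    // Empty on success, otherwise the refusal reason. The counter is incremented before
    // the comparison, so guessing burns the challenge after MAX_ATTEMPTS tries; the same
    // counter pattern is what the admin login lacks.
    static Optional<String> resetPassword(String phone, String otp, String newPassword) {
        Challenge c = PENDING.get(phone);
        if (c == null) return Optional.of("no pending reset");
        if (Instant.now().isAfter(c.expires)) { PENDING.remove(phone); return Optional.of("otp expired"); }
        if (++c.attempts > MAX_ATTEMPTS) { PENDING.remove(phone); return Optional.of("too many attempts"); }
        if (!MessageDigest.isEqual(c.otpHash, sha256(otp))) return Optional.of("wrong otp");
        if (!passwordMeetsPolicy(newPassword)) return Optional.of("weak password");
        PENDING.remove(phone);  // single use
        PASSWORDS.put(phone, Base64.getEncoder().encodeToString(sha256(newPassword)));  // demo only; use bcrypt/argon2
        return Optional.empty();
    }

    public static void main(String[] args) {
        String phone = "13800000000";  // constructed
        System.out.println("vulnerable endpoint returns the code: " + requestOtpVulnerable(phone));

        requestOtp(phone);
        for (int i = 1; i <= MAX_ATTEMPTS + 1; i++) {  // attacker guessing without the SMS
            System.out.println("guess " + i + ": " + resetPassword(phone, "000000", "Correct-Horse-42").orElse("accepted"));
        }
        requestOtp(phone);
        System.out.println("weak password: " + resetPassword(phone, lastSmsForDemo, "123456").orElse("accepted"));
        requestOtp(phone);
        System.out.println("legitimate:    " + resetPassword(phone, lastSmsForDemo, "Correct-Horse-42").orElse("accepted"));
    }
}
```

Two details matter beyond the leak itself: a six-digit code is only 10^6 possibilities, so without the attempt cap an attacker who cannot see the SMS can still walk the space, and the response for a wrong code must not differ in timing from the response for a right one, which is why the comparison goes through MessageDigest.isEqual.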
CVE-2025-13116
CVE-2025-13116 affects macrozheng mall-swarm and mall up to 1.0.3. The issue is in the function cancelUserOrder in /order/cancelUserOrder, where manipulating the argument orderId can cause improper authorization. Attacks are described as remotely executable and a public exploit exists. Multiple c...
CVE-2025-9836
CVE-2025-9836 affects macrozheng mall up to version 1.0.3. The flaw exists in the paySuccess function (/order/paySuccess); manipulating the orderId parameter enables an authorization bypass. The issue can be exploited remotely and exploitation has been made public (e.g., public PoC). Connected so...
CVE-2025-13115
CVE-2025-13115 affects macrozheng mall-swarm (and mall up to v1.0.3) in the Order Details Handler, specifically the /order/detail/ function. The issue arises from manipulating the orderId parameter, leading to improper authorization. Reported as exploitable remotely, with public exploitation avai...
CVE-2025-13117
CVE-2025-13117 affects macrozheng mall-swarm up to version 1.0.3, targeting the cancelOrder function in /order/cancelOrder. The issue arises from manipulation of the orderId parameter, causing improper authorization. An attacker can trigger this remotely and public exploitation has been disclosed...
CVE-2025-15118
CVE-2025-15118 affects macrozheng mall (up to v1.0.3), specifically the Member Endpoint’s /member/address/update/ path. The underlying issue is improper authorization reachable by manipulating requests to that endpoint, enabling remote exploitation. Public exploit information is noted in multiple sources. Affect...
CVE-2025-13118
CVE-2025-13118 affects macrozheng mall-swarm and mall up to version 1.0.3. The paySuccess function in /order/paySuccess is vulnerable to tampering of the orderId argument, resulting in improper authorization. The issue is exploitable remotely; exploits are public. Multiple connected sources c...
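The orderId entries in this list (CVE-2025-8755, CVE-2025-9835, CVE-2025-9836, CVE-2025-13115, CVE-2025-13116, CVE-2025-13117, CVE-2025-13118) and the ids and address entries (CVE-2025-13443, CVE-2025-15118) share one shape: an authenticated member supplies an object identifier and the handler acts on it without checking that the object belongs to that member. The following is an added illustration, not code from the mall project; the in-memory store, the member and order ids, and the findOwned helper are constructed for the demo.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added example (not mall's code): the orderId authorization-bypass pattern.
// The vulnerable handler trusts the client-supplied orderId alone; the hardened
// one scopes every lookup and mutation to the member taken from the session.
public class OrderOwnershipDemo {

    record Order(long id, long memberId, String status) {}

    // Constructed in-memory store standing in for the orders table.
    static final Map<Long, Order> ORDERS = new HashMap<>();
    static {
        ORDERS.put(1001L, new Order(1001L, 7L, "UNPAID"));  // belongs to member 7
        ORDERS.put(1002L, new Order(1002L, 8L, "UNPAID"));  // belongs to member 8
    }

    static final class Forbidden extends RuntimeException {
        Forbidden(String m) { super(m); }
    }

    // Vulnerable: any logged-in member can cancel any order by guessing its id.
    // detail(orderId) and paySuccess(orderId) have the same defect when written this way.
    static Order cancelOrderVulnerable(long orderId) {
        Order o = ORDERS.get(orderId);
        if (o == null) throw new IllegalArgumentException("no such order");
        Order cancelled = new Order(o.id(), o.memberId(), "CANCELLED");
        ORDERS.put(orderId, cancelled);
        return cancelled;
    }

    // Hardened: one lookup keyed on (memberId, orderId). A foreign order is
    // indistinguishable from a non-existent one, and memberId comes from the
    // authenticated session, never from the request.
    static Optional<Order> findOwned(long memberId, long orderId) {
        Order o = ORDERS.get(orderId);
        return (o != null && o.memberId() == memberId) ? Optional.of(o) : Optional.empty();
    }

    static Order cancelOrderSafe(long currentMemberId, long orderId) {
        Order o = findOwned(currentMemberId, orderId)
                .orElseThrow(() -> new Forbidden("order not found for this member"));
        Order cancelled = new Order(o.id(), o.memberId(), "CANCELLED");
        ORDERS.put(orderId, cancelled);
        return cancelled;
    }

    public static void main(String[] args) {
        long attacker = 7L;        // authenticated as member 7
        long victimOrder = 1002L;  // belongs to member 8

        System.out.println("vulnerable handler: " + cancelOrderVulnerable(victimOrder).status());

        try {
            cancelOrderSafe(attacker, victimOrder);
            System.out.println("hardened handler: cancelled (this would be the bug)");
        } catch (Forbidden e) {
            System.out.println("hardened handler: rejected, " + e.getMessage());
        }
        System.out.println("hardened handler, own order: " + cancelOrderSafe(attacker, 1001L).status());
    }
}
```

Routing every read and mutation through a lookup keyed on the session member id makes the ownership check hard to forget; in a MyBatis mapper the equivalent is an extra `AND member_id = #{memberId}` in the WHERE clause rather than a comparison in the controller after the row has been fetched. Returning the same "not found" outcome for foreign and non-existent orders also avoids confirming which ids exist, which matters when ids are sequential as they are here.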