Newbee-mall@1.0 Security Vulnerabilities and Issues — Newbee-mall@1.0 CVE List

Lucene search

Newbee-mall ProjectNewbee-mall1.0

5 matches found

CVE•added 2022/04/10 9:15 p.m.•65 views

CVE-2022-27477

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.

9.8CVSS9.5AI score0.00344EPSS

CVE•added 2025/02/07 11:15 p.m.•50 views

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely...

5.4CVSS6.2AI score0.00042EPSS

CVE•added 2025/05/05 3:15 a.m.•48 views

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched rem...

6.5CVSS6.4AI score0.0005EPSS

CVE•added 2021/01/26 6:15 p.m.•35 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2024/10/28 8:15 p.m.•35 views

CVE-2024-48178

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.

8.1CVSS7.2AI score0.00088EPSS