Lucene search
Newbee-mall ProjectNewbee-mall1.0.0
2 matches found
CVE-2022-27476
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
6.1CVSS5.8AI score0.00212EPSS
CVE-2024-48178
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
8.1CVSS7.2AI score0.00088EPSS