Newbee-mall Security Vulnerabilities and Issues — Newbee-mall CVE List

Lucene search

Newbee-mall ProjectNewbee-mall

3 matches found

CVE•added 2021/01/26 6:15 p.m.•35 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2021/01/26 6:15 p.m.•32 views

CVE-2020-23449

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.

7.5CVSS7.5AI score0.00206EPSS

CVE•added 2021/01/26 6:15 p.m.•28 views

CVE-2020-23448

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.

9.8CVSS9.6AI score0.00398EPSS