Newbee-mall Security Vulnerabilities and Issues — Newbee-mall CVE List

Lucene search

Newbee-mall ProjectNewbee-mall

3 matches found

CVE•added 2022/04/10 9:15 p.m.•59 views

CVE-2022-27476

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.

6.1CVSS5.8AI score0.00212EPSS

CVE•added 2025/05/05 3:15 a.m.•48 views

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched rem...

6.5CVSS6.4AI score0.0005EPSS

CVE•added 2021/01/26 6:15 p.m.•35 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office".

6.1CVSS5.9AI score0.0024EPSS