xmall
by Exrick
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-45612 | Cri | 0.64 | 9.8 | 0.00 | May 5, 2025 | Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | ||
| CVE-2024-24112 | Cri | 0.64 | 9.8 | 0.03 | Feb 6, 2024 | xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | ||
| CVE-2021-43432 | Med | 0.40 | 6.1 | 0.01 | Apr 7, 2022 | A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. |
- risk 0.64cvss 9.8epss 0.00
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
- risk 0.64cvss 9.8epss 0.03
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
- risk 0.40cvss 6.1epss 0.01
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.