VYPR

xmall

by Exrick

CVEs (3)

  • CVE-2025-45612CriMay 5, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

  • CVE-2024-24112CriFeb 6, 2024
    risk 0.64cvss 9.8epss 0.03

    xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

  • CVE-2021-43432MedApr 7, 2022
    risk 0.40cvss 6.1epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.