VYPR

Mall Swarm

by Macrozheng

CVEs (6)

  • CVE-2025-13118MedNov 13, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now…

  • CVE-2025-13114MedNov 13, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be…

  • CVE-2025-14016MedDec 4, 2025
    risk 0.35cvss 5.4epss 0.00

    A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has…

  • CVE-2025-13117MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be…

  • CVE-2025-13116MedNov 13, 2025
    risk 0.35cvss 5.4epss 0.00

    A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack…

  • CVE-2025-13115MedNov 13, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is…