Wang.market
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15415 | Med | 0.31 | 4.7 | 0.00 | Jan 1, 2026 | A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the… | ||
| CVE-2025-15452 | Low | 0.16 | 2.4 | 0.00 | Jan 5, 2026 | A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The… | ||
| CVE-2025-15451 | Low | 0.16 | 2.4 | 0.00 | Jan 5, 2026 | A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site… | ||
| CVE-2025-15416 | Low | 0.16 | 2.4 | 0.00 | Jan 1, 2026 | A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed… | ||
| CVE-2025-25770 | 0.00 | — | 0.00 | Feb 21, 2025 | Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java. | |||
| CVE-2025-25769 | 0.00 | — | 0.00 | Feb 21, 2025 | Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java. |
- risk 0.31cvss 4.7epss 0.00
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the…
- risk 0.16cvss 2.4epss 0.00
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The…
- risk 0.16cvss 2.4epss 0.00
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site…
- risk 0.16cvss 2.4epss 0.00
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed…
- CVE-2025-25770Feb 21, 2025risk 0.00cvss —epss 0.00
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.
- CVE-2025-25769Feb 21, 2025risk 0.00cvss —epss 0.00
Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.