VYPR
Vendor

Wang.market

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2025-15415MedJan 1, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the…

  • CVE-2025-15452LowJan 5, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The…

  • CVE-2025-15451LowJan 5, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site…

  • CVE-2025-15416LowJan 1, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed…

  • CVE-2025-25770Feb 21, 2025
    risk 0.00cvss epss 0.00

    Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /agency/AgencyUserController.java.

  • CVE-2025-25769Feb 21, 2025
    risk 0.00cvss epss 0.00

    Wangmarket v4.10 to v5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /controller/UserController.java.