Exrick Xmall vulnerabilities
6 known vulnerabilities affecting exrick/xmall.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-24112 | P2 | CRITICAL | CVSS 9.8 | PoC | v1.1 | 2024-02-06
CWE-89: xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
Source: nvd
CVE-2025-28399 | P3 | CRITICAL | CVSS 9.8 | v1.1 | 2025-04-15
CWE-269: An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
Source: nvd
CVE-2025-45612 | P3 | CRITICAL | CVSS 9.8 | ≤ 1.1 | 2025-05-05
CWE-284: Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
Source: nvd
CVE-2023-36331 | P3 | HIGH | CVSS 8.2 | v1.1 | 2026-01-12
CWE-639: Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.
Source: nvd
CVE-2025-65540 | P4 | MEDIUM | CVSS 6.1 | v1.1 | 2025-11-29
CWE-79: Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.
Source: nvd
CVE-2021-43432 | P4 | MEDIUM | CVSS 6.1 | ≤ 2021-11-07 | 2022-04-07
CWE-79: A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.
Source: nvd