cbcvebase.

Macrozheng Mall vulnerabilities

17 known vulnerabilities affecting macrozheng/mall.

Total CVEs
17
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM13LOW2

Vulnerabilities

Page 1 of 1
CVE-2026-25858P2CRITICALCVSS 9.8≤ 1.0.32026-02-07
CVE-2026-25858 [CRITICAL] CWE-640 CVE-2026-25858: macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time password (OTP) directly in the API response and validates p
nvd
CVE-2025-8191P3MEDIUMCVSS 5.4PoC≤ 1.0.3v1.0.0+3 more2025-07-26
CVE-2025-8191 [MEDIUM] CWE-79 CVE-2025-8191: A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affe A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publ
nvd
CVE-2024-11619P3HIGHCVSS 8.1≤ 1.0.3v1.0.0+3 more2024-11-22
CVE-2024-11619 [HIGH] CWE-1394 CVE-2024-11619: A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was
nvd
CVE-2025-13443P3MEDIUMCVSS 6.5≤ 1.0.3v1.0.0+3 more2025-11-20
CVE-2025-13443 [MEDIUM] CWE-266 CVE-2025-13443: A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
nvd
CVE-2025-8741P3MEDIUMCVSS 5.9≤ 1.0.3v1.0.0+3 more2025-08-08
CVE-2025-8741 [MEDIUM] CWE-310 CVE-2025-8741: A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affec A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation
nvd
CVE-2025-8755P3MEDIUMCVSS 5.3≤ 1.0.3v1.0.0+3 more2025-08-09
CVE-2025-8755 [MEDIUM] CWE-285 CVE-2025-8755: A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue a A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclos
nvd
CVE-2025-13115P3MEDIUMCVSS 5.3≤ 1.0.3v1.0.0+3 more2025-11-13
CVE-2025-13115 [MEDIUM] CWE-266 CVE-2025-13115: A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the A security flaw has been discovered in macrozheng mall-swarm and mall up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the p
nvd
CVE-2025-13117P3MEDIUMCVSS 5.3≤ 1.0.3v1.0.0+3 more2025-11-13
CVE-2025-13117 [MEDIUM] CWE-266 CVE-2025-13117: A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected b A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. T
nvd
CVE-2025-13116P4MEDIUMCVSS 5.3≤ 1.0.3v1.0.0+3 more2025-11-13
CVE-2025-13116 [MEDIUM] CWE-266 CVE-2025-13116: A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the functi A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be expl
nvd
CVE-2025-8750P4MEDIUMCVSS 5.4≤ 1.0.3v1.0.0+3 more2025-08-09
CVE-2025-8750 [MEDIUM] CWE-79 CVE-2025-8750: A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affecte A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the pu
nvd
CVE-2026-10070P4MEDIUMCVSS 4.7v1.0.0v1.0.1+2 more2026-05-29
CVE-2026-10070 [MEDIUM] CWE-266 CVE-2026-10070: A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the fi A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the GitHub issue for this vulnerability without any explana
nvd
CVE-2025-9835P4MEDIUMCVSS 4.3≤ 1.0.3v1.0.0+3 more2025-09-02
CVE-2025-9835 [MEDIUM] CWE-285 CVE-2025-9835: A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-9836P4MEDIUMCVSS 4.3≤ 1.0.3v1.0.0+3 more2025-09-02
CVE-2025-9836 [MEDIUM] CWE-285 CVE-2025-9836: A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function pa A vulnerability was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used.
nvd
CVE-2025-13118P4MEDIUMCVSS 4.3≤ 1.0.32025-11-13
CVE-2025-13118 [MEDIUM] CWE-266 CVE-2025-13118: A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the fun A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this discl
nvd
CVE-2025-15118P4MEDIUMCVSS 4.3≤ 1.0.3v1.0.0+3 more2025-12-28
CVE-2025-15118 [MEDIUM] CWE-266 CVE-2025-15118: A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affect A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
nvd
CVE-2025-8742P4LOWCVSS 3.7≤ 1.0.3v1.0.32025-08-08
CVE-2025-8742 [LOW] CWE-307 CVE-2025-8742: A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by th A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is k
nvd
CVE-2025-9514P4LOWCVSS 3.7≤ 1.0.3v1.0.0+3 more2025-08-27
CVE-2025-9514 [LOW] CWE-521 CVE-2025-9514: A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of t A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulne
nvd
Macrozheng Mall vulnerabilities | cvebase