MEDIUM🇵🇱 Wersja polska

CVE-2025-65540

CVSS 6.1v3.1pub. 2025-11-29upd. 2025-12-23

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Exrick Xmall

    APP
    Exrick
    1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-45612CRITICAL9.8PL ✓ten sam produkt

Obejście uwierzytelnienia w Exrick Xmall v1.1 poprzez crafted GET request

CVE-2025-28399CRITICAL9.8PL ✓ten sam produkt

Eskalacja uprawnień w Exrick Xmall przez metodę updateAddress

CVE-2024-24112CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Exrick XMall przez parametr orderDir

CVE-2023-36331HIGH8.2ten sam produkt

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access oth...

CVE-2021-43432MEDIUM6.1ten sam produkt

A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET para...