CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2352 – StarSea99 starsea-mall Backend save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2352
16 Mar 2025 — A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Jingyi-u/starsea-mall/tree/main • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2089 – StarSea99 starsea-mall com.siro.mall.controller.mall.UserController updateInfo updateUserInfo access control
https://notcve.org/view.php?id=CVE-2025-2089
07 Mar 2025 — A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.298903 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2087 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2087
07 Mar 2025 — A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/333.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2086 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2086
07 Mar 2025 — A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/222.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2085 – StarSea99 starsea-mall save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2085
07 Mar 2025 — A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/111.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0400 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-0400
12 Jan 2025 — A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. • https://github.com/StarSea99/starsea-mall/issues/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0399 – StarSea99 starsea-mall uploadController.java UploadController unrestricted upload
https://notcve.org/view.php?id=CVE-2025-0399
12 Jan 2025 — A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/StarSea99/starsea-mall/issues/3 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •