CVE-2025-28399 — CVSS 9.8 (critical): An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address…
CVE-2025-45612 — CVSS 9.8 (critical): Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
CVE-2023-36331 — CVSS 8.2 (high): Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via…
CVE-2021-43432 — CVSS 6.1 (medium): A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.
CVE-2025-65540 — CVSS 6.1 (medium): Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields…