Product
exrick xmall
6 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-36331
CVE-2025-65540
CVE-2025-45612
CVE-2025-28399
CVE-2024-24112
CVE-2021-43432
all versions
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order deta
all versions
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input
<= 1.1
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
all versions
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Addre
all versions
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
<= 2021-11-07
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add