Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-05
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-15
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
CVSS Score
9.8
EPSS Score
0.811
Published
2024-02-06
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-04-07