Filtered by vendor Exrick
Subscriptions
Filtered by product Xmall
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45612 | 1 Exrick | 1 Xmall | 2025-06-16 | 9.8 Critical |
| Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index. | ||||
| CVE-2024-24112 | 1 Exrick | 1 Xmall | 2025-05-08 | 9.8 Critical |
| xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | ||||
| CVE-2025-28399 | 1 Exrick | 1 Xmall | 2025-04-25 | 9.8 Critical |
| An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. | ||||
| CVE-2021-43432 | 1 Exrick | 1 Xmall | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. | ||||
Page 1 of 1.