Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27476 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | |||||
CVE-2022-27477 | 1 Newbee-mall Project | 1 Newbee-mall | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | |||||
CVE-2020-23448 | 1 Newbee-mall Project | 1 Newbee-mall | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed. | |||||
CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | |||||
CVE-2020-23447 | 1 Newbee-mall Project | 1 Newbee-mall | 2021-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office". | |||||
CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2019-12-03 | 7.5 HIGH | 9.8 CRITICAL |
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. |