Exrick/xmall

Exrick/xmall

xmall.exrick.cn

Releases0

Stars7.23K

基于SOA架构的分布式电商购物商城前后端分离前台商城:Vue全家桶后台管理系统:Dubbo/SSM/Elasticsearch/Redis/MySQL/ActiveMQ/Shiro/Zookeeper等

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-36331 ↗	Jan 12, 2026Monday, 12 January 2026, 20:15	8.2 HIGH	—
Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.
CVE-2025-65540 ↗	Nov 29, 2025Saturday, 29 November 2025, 04:15	6.1 MEDIUM	—
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.
CVE-2025-45612 ↗	May 5, 2025Monday, 5 May 2025, 20:15	9.8 CRITICAL	—
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
CVE-2024-24112 ↗	Feb 6, 2024Tuesday, 6 February 2024, 01:15	9.8 CRITICAL	—
xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
CVE-2021-43432 ↗	Apr 7, 2022Thursday, 7 April 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.