Execx

#14742of 53,611
18.3Total CVSS
Vulnerabilities · 3
Medium
3
PT-2025-10087
6.1
2025-03-07
Starsea99 · Starsea-Mall · CVE-2025-2085
**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall version 1.0 **Description** A problematic vulnerability has been discovered, affecting an unknown part of the file /admin/carousels/save. The issue involves the manipulation of the `redirectUrl` argument, leading to cross-site scripting. This can be initiated remotely. **Recommendations** For version 1.0, as a temporary workaround, consider restricting access to the /admin/carousels/save file until a patch is available. Avoid using the `redirectUrl` argument in the affected file to minimize the risk of exploitation.
PT-2025-10088
6.1
2025-03-07
Starsea99 · Starsea-Mall · CVE-2025-2086
**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall version 1.0 **Description** A vulnerability was found in StarSea99 starsea-mall, affecting unknown code of the file /admin/indexConfigs/update. The manipulation of the `redirectUrl` argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the `/admin/indexConfigs/update` endpoint until a patch is available. Avoid using the `redirectUrl` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-10089
6.1
2025-03-07
Starsea99 · Starsea99 Starsea-Mall · CVE-2025-2087
**Name of the Vulnerable Software and Affected Versions** StarSea99 starsea-mall version 1.0 **Description** A vulnerability has been found in StarSea99 starsea-mall, affecting some unknown processing of the file "/admin/goods/update". The manipulation of the argument `goodsName` leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** As a temporary workaround, consider restricting access to the "/admin/goods/update" endpoint until a patch is available. Avoid using the `goodsName` argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.