CVE-2025-5134

Name of the Vulnerable Software and Affected Versions Tmall Demo up to 20250505

Description A problematic vulnerability was found in the Buy Item Page component of Tmall Demo, allowing for cross-site scripting through the manipulation of the Detailed Address argument. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Tmall Demo up to 20250505, as a temporary workaround, consider restricting the use of the Detailed Address argument in the Buy Item Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.