CVE-2025-8221

Name of the Vulnerable Software and Affected Versions jerryshensjf JPACookieShop 蛋糕商城JPA版 versions up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999

Description A cross-site scripting issue exists due to the manipulation of the keyword argument within the goodsSearch function of the GoodsCustController.java file. This allows for remote attacks. The exploit has been publicly disclosed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the keyword argument in the goodsSearch function until a patch is available.