CVE-2025-0400

Name of the Vulnerable Software and Affected Versions StarSea99 starsea-mall version 1.0

Description A cross-site scripting issue affects the processing of the file "/admin/categories/update", where the manipulation of the categoryName argument leads to cross-site scripting. The attack may be initiated remotely. A public exploit has been disclosed, indicating a significant security risk.

Recommendations For StarSea99 starsea-mall version 1.0, as a temporary workaround, consider restricting access to the "/admin/categories/update" endpoint until a patch is available. Additionally, avoid using the categoryName argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.