CVE-2025-0400

EPSS 0.28%
Veröffentlicht 12.01.2025 23:15:07
Zuletzt bearbeitet 10.10.2025 19:14:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

StarSea99 starsea-mall update cross site scripting

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Starsea99 ≫ Starsea-mall Version1.0.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.198

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	2.4	0.9	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com	3.3	6.4	2.9	AV:N/AC:L/Au:M/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://github.com/StarSea99/starsea-mall/issues/5

Not Applicable

https://github.com/StarSea99/starsea-mall/issues/5#issue-2765562635

Not Applicable

https://vuldb.com/?ctiid.291275

VDB Entry

Permissions Required

https://vuldb.com/?id.291275

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.473321

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2025-0400

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0400

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0400

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-0400