Exrick Xmall

6 CVEs affecting Exrick Xmall. Latest disclosed: 2026-01-12. Critical: 3, High: 1.

Top CVEs affecting Exrick Xmall
CVESeverityScorePublishedSummary
CVE-2025-45612Critical9.82025-05-05Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
CVE-2025-28399Critical9.82025-04-15An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
CVE-2024-24112Critical9.82024-02-06xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.
CVE-2023-36331High8.22026-01-12Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the q…
CVE-2025-65540Medium6.12025-11-29Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and…
CVE-2021-43432Medium6.12022-04-07A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.