Newbee-mall Project » Newbee-mall » 1.0.0 : Security Vulnerabilities, CVEs,
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-04
Updated
2023-05-11
A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-04-10
Updated
2022-04-20
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.
Max CVSS
9.8
EPSS Score
0.21%
Published
2019-11-18
Updated
2019-12-03
3 vulnerabilities found