CVE-2025-1114 Information

Feb 08, 2025 cve

Description

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore no version details for affected nor updated releases are available.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Reference

https://github.com/newbee-ltd/newbee-mall/issues/94 https://github.com/newbee-ltd/newbee-mall/issues/94#issue-2811680280 https://vuldb.com/?ctiid.295020 https://vuldb.com/?id.295020 https://vuldb.com/?submit.489744

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

3.5

Share on: