📦 Xmall

by Exrick

🔍 What is Xmall?

Description coming soon...

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-28399

CRITICAL CVSS 9.8 Apr 15, 2025

A privilege escalation vulnerability in Exrick xmall v1.1 and earlier allows remote attackers to gain elevated privileges through the updateAddress method in the Address Controller class. This affects ...

CVE-2024-24112

CRITICAL CVSS 9.8 Feb 6, 2024

CVE-2024-24112 is a SQL injection vulnerability in xmall v1.1 that allows attackers to execute arbitrary SQL commands via the orderDir parameter. This affects all deployments using the vulnerable vers...

CVE-2025-65540

MEDIUM CVSS 6.1 Nov 29, 2025

Multiple Cross-Site Scripting (XSS) vulnerabilities in xmall v1.1 allow attackers to inject malicious scripts through user input fields like username and description. These scripts execute in victims'...