- Description
- A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 3.5
- Impact score
- 1.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Secondary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
- cna@vuldb.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2025-1114 🟠 MEDIUM (5.1) 🏢 Unknown Vendor - newbee-mall 🏗️ 1.0 🔗 https://t.co/VzI0t0sfso 🔗 https://t.co/nNMHLCuDYJ 🔗 https://t.co/xKmtTI6ppq 🔗 https://t.co/niosmSwtLs 🔗 https://t.co/VM5LgOdzzK #CyberCron #VulnAlert https://t.co/AkNuNjE2pT
@cybercronai
8 Feb 2025
90 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-1114 Cross-Site Scripting in newbee-mall 1.0 Add Category Page ... https://t.co/zOSAwGFyii Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
8 Feb 2025
15 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-1114 A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Categ… https://t.co/ht6jT3Iieg
@CVEnew
7 Feb 2025
777 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes