Vulnerabilities > Newbee Mall Project
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-05-04 | CVE-2023-30216 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023 | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 5.4 |
2022-04-10 | CVE-2022-27476 | Cross-site Scripting vulnerability in Newbee-Mall Project Newbee-Mall 1.0.0 | A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | 6.1 |
2022-04-10 | CVE-2022-27477 | Unrestricted Upload of File with Dangerous Type vulnerability in Newbee-Mall Project Newbee-Mall 1.0 | Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit. | 9.8 |
2021-01-26 | CVE-2020-23449 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall | newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. | 7.5 |
2021-01-26 | CVE-2020-23448 | Use of Incorrectly-Resolved Name or Reference vulnerability in Newbee-Mall Project Newbee-Mall | newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. | 9.8 |
2021-01-26 | CVE-2020-23447 | Cross-site Scripting vulnerability in Newbee-Mall Project Newbee-Mall 1.0 | newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. | 6.1 |
2019-11-18 | CVE-2019-19113 | SQL Injection vulnerability in Newbee-Mall Project Newbee-Mall 1.0 | main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | 9.8 |