Vulnerabilities > Newbee Mall Project > Newbee Mall > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-30216 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023 Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 5.4 |
| 2022-04-10 | CVE-2022-27476 | Cross-site Scripting vulnerability in Newbee-Mall Project Newbee-Mall 1.0.0 A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter. | 6.1 |
| 2021-01-26 | CVE-2020-23447 | Cross-site Scripting vulnerability in Newbee-Mall Project Newbee-Mall 1.0 newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. | 6.1 |