Vulnerability Description
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Newbee-Mall Project | Newbee-Mall | 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/newbee-ltd/newbee-mall/issues/94ExploitIssue TrackingVendor Advisory
- https://github.com/newbee-ltd/newbee-mall/issues/94#issue-2811680280ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.295020Permissions RequiredVDB Entry
- https://vuldb.com/?id.295020Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.489744Third Party AdvisoryVDB Entry
- https://github.com/newbee-ltd/newbee-mall/issues/94ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-1114?
CVE-2025-1114 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of th...
How severe is CVE-2025-1114?
CVE-2025-1114 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-1114?
Check the references section above for vendor advisories and patch information. Affected products include: Newbee-Mall Project Newbee-Mall.