Vulnerability Description
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exrick | Xmall | 1.1 |
References
- https://github.com/Exrick/xmall/issues/101 (Exploit, Third Party Advisory, Issue Tracking)
FAQ
What is CVE-2025-65540?
CVE-2025-65540 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HT...
How severe is CVE-2025-65540?
CVE-2025-65540 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-65540?
Check the references section above for vendor advisories and patch information. Affected products include: Exrick Xmall.