cvedb.io
CVE-2025-65540
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2025-11-29T04:15:56.417 · Last modified 2026-06-17T09:55:46.717

Summary

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.

Affected products

exrick — xmall

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.