CVE-2025-65540 – Xmall XSS

CVE ID : CVE-2025-65540

Published : Nov. 29, 2025, 4:15 a.m. | 2 hours, 8 minutes ago

Description : Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-66291 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments

CVE-2025-66290 – OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments

CVE-2025-66289 – OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change

CVE-2025-66225 – OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow