CVE-2025-1114: newbee-mall Add Category Page save cross site scripting
First published: Fri Feb 07 2025(Updated: )
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| newbee-mall |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1114?
CVE-2025-1114 is classified as problematic due to the potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2025-1114?
To fix CVE-2025-1114, sanitize and validate the input for the categoryName parameter in the save function.
What software is affected by CVE-2025-1114?
CVE-2025-1114 affects newbee-mall version 1.0 specifically in the Add Category Page.
What type of vulnerability is CVE-2025-1114?
CVE-2025-1114 is a cross-site scripting (XSS) vulnerability.
Can CVE-2025-1114 be exploited remotely?
Yes, CVE-2025-1114 can be exploited remotely by injecting malicious scripts through the categoryName input.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/newbee-mall
- canonical/newbee-mall