Starsea99 Starsea Mall
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Starsea99 Starsea Mall.
By the Year
In 2026 there have been 0 vulnerabilities in Starsea99 Starsea Mall. Last year, in 2025 Starsea Mall had 7 security vulnerabilities published. Right now, Starsea Mall is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 5.22 |
It may take a day or so for new Starsea Mall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Starsea99 Starsea Mall Security Vulnerabilities
StarSea99 starsea-mall XSS via categoryName in /admin/indexConfigs/save
CVE-2025-2352
2.4 - Low
- March 16, 2025
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
XSS
StarSea-mall 1.0/2.x Remote RCE via updateUserInfo Access Control
CVE-2025-2089
5.4 - Medium
- March 07, 2025
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Authorization
StarSea99 starsea-mall 1.0 XSS via goodsName in /admin/goods/update
CVE-2025-2087
6.1 - Medium
- March 07, 2025
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
XSS in StarSea99 starsea-mall 1.0 Admin update
CVE-2025-2086
6.1 - Medium
- March 07, 2025
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
CVE-2025-2085: XSS in starsea-mall 1.0 admin/carousels/save redirectUrl
CVE-2025-2085
6.1 - Medium
- March 07, 2025
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
XSS
starsea-mall 1.0 XSS via /admin/categories/update categoryName
CVE-2025-0400
- January 12, 2025
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
Unrestricted Remote File Upload in StarSea99 starsea-mall 1.0 UploadController
CVE-2025-0399
- January 12, 2025
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Authorization
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Starsea99 Starsea Mall or by Starsea99? Click the Watch button to subscribe.
