Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by Sui Shang Information Technology
CVE-2025-12290 (GCVE-0-2025-12290)
Vulnerability from nvd – Published: 2025-10-27 15:02 – Updated: 2025-10-27 15:55
VLAI
Title
Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting
Summary
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329958 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329958 | signaturepermissions-required |
| https://vuldb.com/?submit.675436 | third-party-advisory |
| https://github.com/1276486/CVE/issues/18 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sui Shang Information Technology | Suishang Enterprise-Level B2B2C Multi-User Mall System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12290",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:15:31.099392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:55:50.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/18"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Suishang Enterprise-Level B2B2C Multi-User Mall System",
"vendor": "Sui Shang Information Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei /i/359. Mittels Manipulieren des Arguments keywords mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:02:08.700Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329958 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329958"
},
{
"name": "VDB-329958 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329958"
},
{
"name": "Submit #675436 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System V1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675436"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/18"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:38:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12290",
"datePublished": "2025-10-27T15:02:08.700Z",
"dateReserved": "2025-10-26T16:33:46.057Z",
"dateUpdated": "2025-10-27T15:55:50.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12289 (GCVE-0-2025-12289)
Vulnerability from nvd – Published: 2025-10-27 15:02 – Updated: 2025-10-27 15:55
VLAI
Title
Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting
Summary
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329957 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329957 | signaturepermissions-required |
| https://vuldb.com/?submit.675435 | third-party-advisory |
| https://github.com/1276486/CVE/issues/19 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sui Shang Information Technology | Suishang Enterprise-Level B2B2C Multi-User Mall System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:16:40.365085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:55:56.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/19"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Suishang Enterprise-Level B2B2C Multi-User Mall System",
"vendor": "Sui Shang Information Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 entdeckt. Betroffen davon ist eine unbekannte Funktion der Datei /Point/index/activity_state/1/category_id/1001. Mittels dem Manipulieren des Arguments category_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:02:05.980Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329957 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329957"
},
{
"name": "VDB-329957 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329957"
},
{
"name": "Submit #675435 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System V1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675435"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:38:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12289",
"datePublished": "2025-10-27T15:02:05.980Z",
"dateReserved": "2025-10-26T16:33:43.670Z",
"dateUpdated": "2025-10-27T15:55:56.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12290 (GCVE-0-2025-12290)
Vulnerability from cvelistv5 – Published: 2025-10-27 15:02 – Updated: 2025-10-27 15:55
VLAI
Title
Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting
Summary
A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329958 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329958 | signaturepermissions-required |
| https://vuldb.com/?submit.675436 | third-party-advisory |
| https://github.com/1276486/CVE/issues/18 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sui Shang Information Technology | Suishang Enterprise-Level B2B2C Multi-User Mall System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12290",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:15:31.099392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:55:50.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/18"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Suishang Enterprise-Level B2B2C Multi-User Mall System",
"vendor": "Sui Shang Information Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 wurde eine Schwachstelle gefunden. Es betrifft eine unbekannte Funktion der Datei /i/359. Mittels Manipulieren des Arguments keywords mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:02:08.700Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329958 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329958"
},
{
"name": "VDB-329958 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329958"
},
{
"name": "Submit #675436 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System V1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675436"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/18"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:38:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12290",
"datePublished": "2025-10-27T15:02:08.700Z",
"dateReserved": "2025-10-26T16:33:46.057Z",
"dateUpdated": "2025-10-27T15:55:50.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12289 (GCVE-0-2025-12289)
Vulnerability from cvelistv5 – Published: 2025-10-27 15:02 – Updated: 2025-10-27 15:55
VLAI
Title
Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting
Summary
A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.329957 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.329957 | signaturepermissions-required |
| https://vuldb.com/?submit.675435 | third-party-advisory |
| https://github.com/1276486/CVE/issues/19 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sui Shang Information Technology | Suishang Enterprise-Level B2B2C Multi-User Mall System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12289",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:16:40.365085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:55:56.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/1276486/CVE/issues/19"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Suishang Enterprise-Level B2B2C Multi-User Mall System",
"vendor": "Sui Shang Information Technology",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zre0x1c (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0 entdeckt. Betroffen davon ist eine unbekannte Funktion der Datei /Point/index/activity_state/1/category_id/1001. Mittels dem Manipulieren des Arguments category_id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:02:05.980Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-329957 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.329957"
},
{
"name": "VDB-329957 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.329957"
},
{
"name": "Submit #675435 | Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System V1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.675435"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/1276486/CVE/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-26T17:38:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1001 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12289",
"datePublished": "2025-10-27T15:02:05.980Z",
"dateReserved": "2025-10-26T16:33:43.670Z",
"dateUpdated": "2025-10-27T15:55:56.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}