jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java cross site scripting_CVE-2025-8222

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Multiple endpoints are affected.

Basic Information

ID CVE-2025-8222

Source VulDB

Published Jul 27, 2025 at 04:32

Modified Jul 28, 2025 at 16:45

Affected Product

Vendor jerryshensjf

Product JPACookieShop 蛋糕商城JPA版

Version 24a15c02b4f75042c9f7f615a3fed2ec1cefb999

Affected Versions jerryshensjf JPACookieShop 蛋糕商城JPA版 24a15c02b4f75042c9f7f615a3fed2ec1cefb999

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop \u86cb\u7cd5\u5546\u57ceJPA\u7248 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Multiple endpoints are affected.",
    "published": "2025-07-27T04:32:05.698Z",
    "modified": "2025-07-28T16:45:36.587Z",
    "type": "cve",
    "title": "jerryshensjf JPACookieShop \u86cb\u7cd5\u5546\u57ceJPA\u7248 GoodsController.java cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317810\nhttps://vuldb.com/?ctiid.317810\nhttps://vuldb.com/?submit.621785\nhttps://github.com/Bemcliu/cve-reports/blob/main/cve-05-%E8%9B%8B%E7%B3%95%E5%95%86%E5%9F%8EJPA%E7%89%88-Stored%20XSS/readme.md",
    "id": "CVE-2025-8222",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "jerryshensjf JPACookieShop \u86cb\u7cd5\u5546\u57ceJPA\u7248 24a15c02b4f75042c9f7f615a3fed2ec1cefb999",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JPACookieShop \u86cb\u7cd5\u5546\u57ceJPA\u7248",
    "version": "24a15c02b4f75042c9f7f615a3fed2ec1cefb999",
    "vendor": "jerryshensjf",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}