CVE Details
Basic Information
| Title | Tmall Demo Search Box cross site scripting |
| Type | cve |
| Published | 2025-05-24T21:31:04.186Z |
| Last Seen | |
Product Information
| Vendor | Tmall |
| Product | Demo |
| Version | 20250505 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in the search box of Tmall Demo, allowing remote attackers to inject malicious scripts into web pages viewed by other users. The vulnerability is due to insufficient input sanitization in the search functionality. The attack can be executed remotely, and the exploit is publicly available. No version details are provided as the product uses a rolling release model. The vendor was contacted but did not respond. |
| AI Severity | Medium |
| Vendor | Tmall |
| Product | Tmall Demo |
| Affected Version | up to 20250505 |
Additional Information
| CVE List | |
| CWE List | CWE-79, CWE-94 |
| Bulletin Family | |
| Source Data | Tmall Demo 20250505 |
Source Information
| Source Data | Tmall Demo 20250505 |
| Source Link | |
Description
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.