CVE-2025-65540

Published: Nov 29, 2025

Modified: Dec 1, 2025

PUBLISHED

Description

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Exrick/xmall/issues/101

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-65540

Description

Affected Products

References