{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2352","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-15T20:34:40.124Z","datePublished":"2025-03-16T23:00:11.835Z","dateUpdated":"2025-03-17T14:55:43.017Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-16T23:00:11.835Z"},"title":"StarSea99 starsea-mall Backend save cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"StarSea99","product":"starsea-mall","versions":[{"version":"1.0","status":"affected"}],"modules":["Backend"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Eine Schwachstelle wurde in StarSea99 starsea-mall 1.0 entdeckt. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /admin/indexConfigs/save der Komponente Backend. Durch die Manipulation des Arguments categoryName mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-03-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-15T21:39:50.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Jing1 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.299819","name":"VDB-299819 | StarSea99 starsea-mall Backend save cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299819","name":"VDB-299819 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.513137","name":"Submit #513137 | https://github.com/StarSea99/starsea-mall starsea-mall 1.0 XSS","tags":["third-party-advisory"]},{"url":"https://github.com/Jingyi-u/starsea-mall/tree/main","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T14:55:09.306583Z","id":"CVE-2025-2352","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T14:55:43.017Z"}}]}}