Cross-Site Scripting Vulnerabilities in xmall by Exrick
CVE-2025-65540

6.1MEDIUM

Key Information:

Vendor: Exrick
Status: xmall
Vendor: CVE Published:; 29 November 2025

What is CVE-2025-65540?

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in xmall v1.1 due to inadequate handling of user input. Specifically, fields such as username and description allow attackers to exploit the application by injecting malicious scripts directly into rendered HTML, compromising the security of users interacting with the platform. Proper sanitization and encoding measures are critical to mitigate this risk.

References

https://github.com/Exrick/xmall/issues/101

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2025
Vulnerability Reserved
Nov 18, 2025

CVE-2025-65540 Data

JSON