CVE-2025-12290 MEDIUM

CVE-2025-12290: Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 359 cross site scripting

Vendor Sui Shang Information Technology
Product Suishang Enterprise-Level B2B2C Multi-User Mall System
Weakness CWE-79 · XSS
Published October 27, 2025
Last update October 27, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

October 27, 2025 CVE published
October 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-0586 code-projects Online Product Reservation System prod.php cross site scripting CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting CVE-2023-3822 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore CVE-2025-22775 WordPress Catalog Importer, Scraper & Crawler Plugin <= 5.1.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-68849 WordPress Quote Master plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability