CVE-2025-2085 MEDIUM

CVE-2025-2085: StarSea99 starsea-mall save cross site scripting

Vendor Starsea99

Product starsea-mall

Weakness CWE-79 · XSS

Published March 7, 2025

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 7, 2025 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2085 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-27186 [20240803] - Core - XSS in HTML Mail Templates CVE-2015-0749 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability CVE-2025-12066 WP Delete Post Copies <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-22316 WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-13143 ZeroWdd studentmanager PermissionController. java submitAddPermission cross site scripting