CVE-2025-2086 MEDIUM

CVE-2025-2086: StarSea99 starsea-mall update cross site scripting

Vendor Starsea99

Product starsea-mall

Weakness CWE-79 · XSS

Published March 7, 2025

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 7, 2025 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2086

Related vulnerabilities

04Related CVE

CVE-2025-26992 WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-0776 Remote Code Execution in Baicells QRTB Platform CVE-2024-10187 myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode CVE-2026-27225 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-4775 WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting