exrick CVE Vulnerabilities & Metrics

About exrick Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with exrick. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Critical exrick CVEs (CVSS ≥ 9) Over 20 Years

Top 5 Highest CVSS exrick CVEs

These are the five CVEs with the highest CVSS scores for exrick, sorted by severity first and recency.

• CVE-2021-43432 exrick Published on 07 Apr 2022, 19:15 UTC (CVSS: 4.3)
  A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.
• CVE-2025-65540 exrick Published on 29 Nov 2025, 04:15 UTC (CVSS: 0)
  Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.
• CVE-2025-45612 exrick Published on 05 May 2025, 20:15 UTC (CVSS: 0)
  Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
• CVE-2025-28399 exrick Published on 15 Apr 2025, 19:16 UTC (CVSS: 0)
  An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
• CVE-2024-24112 exrick Published on 06 Feb 2024, 01:15 UTC (CVSS: 0)
  xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

All CVEs for exrick