starsea99 CVE Vulnerabilities & Metrics

Focus on starsea99 vulnerabilities and metrics.

Last updated: 25 Nov 2025, 23:25 UTC

About starsea99 Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with starsea99. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total starsea99 CVEs: 7
Earliest CVE date: 12 Jan 2025, 23:15 UTC
Latest CVE date: 16 Mar 2025, 23:15 UTC

Latest CVE reference: CVE-2025-2352

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 7

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical starsea99 CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.27

Max CVSS: 5.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	5
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS starsea99 CVEs

These are the five CVEs with the highest CVSS scores for starsea99, sorted by severity first and recency.

CVE-2025-0399 starsea99 Published on 12 Jan 2025, 23:15 UTC (CVSS: 5.8)
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2089 starsea99 Published on 07 Mar 2025, 15:15 UTC (CVSS: 5.5)
A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to ...
CVE-2025-2087 starsea99 Published on 07 Mar 2025, 14:15 UTC (CVSS: 4.0)
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2086 starsea99 Published on 07 Mar 2025, 14:15 UTC (CVSS: 4.0)
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2085 starsea99 Published on 07 Mar 2025, 12:15 UTC (CVSS: 4.0)
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

All CVEs for starsea99

CVE-2025-2352 starsea99 vulnerability CVSS: 3.3 16 Mar 2025, 23:15 UTC

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-2089 starsea99 vulnerability CVSS: 5.5 07 Mar 2025, 15:15 UTC

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2087 starsea99 vulnerability CVSS: 4.0 07 Mar 2025, 14:15 UTC

A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2086 starsea99 vulnerability CVSS: 4.0 07 Mar 2025, 14:15 UTC

A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-2085 starsea99 vulnerability CVSS: 4.0 07 Mar 2025, 12:15 UTC

A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-0400 starsea99 vulnerability CVSS: 3.3 12 Jan 2025, 23:15 UTC

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-0399 starsea99 vulnerability CVSS: 5.8 12 Jan 2025, 23:15 UTC

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.