MEDIUM Severity
CVE-2025-5133
Cross-site scripting vulnerability in Tmall Demo Search Box
Overview
A vulnerability classified as problematic is present in Tmall Demo up to 20250505. It affects an unknown function of the Search Box component, leads to cross-site scripting, and can be exploited remotely.
Technical Details
Manipulation of the affected Search Box function leads to cross-site scripting. The attack can be launched remotely, but user interaction is required. The vendor was informed but has not responded.
CVSS Metrics
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: REQUIRED
- Scope: UNCHANGED
- Confidentiality Impact: NONE
- Integrity Impact: LOW
- Availability Impact: NONE
Impact
This vulnerability can allow unauthorized disclosure of information leading to a loss of integrity.
Recommendations
Regularly update and patch your systems. Review your source code to remove XSS vulnerabilities.
Threat Metrics
- cvss_score: 4.3
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW