CVE-2025-5134
A vulnerability in Tmall Demo that leads to cross-site scripting.
Overview
A vulnerability classified as problematic was found in Tmall Demo. It affects an unknown functionality of the Buy Item Page component: manipulation of the Detailed Address argument leads to cross-site scripting. The attack can be launched remotely, and the exploit is known to the public.
Technical Details
This security flaw exists in the Buy Item Page component of Tmall Demo. The cross-site scripting (XSS) condition is caused by manipulation of the Detailed Address argument. It can be exploited remotely, with no attack requirements.
CVSS Metrics
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: Low
- User Interaction: Passive
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
- Base Score: 5.1
Impact
The vulnerability facilitates cross-site scripting attacks, which could lead to unauthorized access and potential manipulation of user data.
Recommendations
To mitigate the vulnerability, conduct a code review and sanitize all user input, particularly input to the Detailed Address field. Contact the vendor for further updates or patches.
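What a code review of the Detailed Address handling would look for, as an added example that is not Tmall Demo's own code: the value is validated when accepted and HTML-encoded wherever it is written into a page. All function names, the length limit and the sample input are assumptions made for illustration.

```javascript
// Added illustration, not Tmall Demo code. Names and limits are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

const MAX_ADDRESS_LENGTH = 200; // assumed limit for a detailed address

// Input-side check: normalise, replace control characters, bound the length.
// This narrows what gets stored; it does not replace encoding on output.
function normalizeDetailedAddress(raw) {
  if (typeof raw !== 'string') throw new TypeError('address must be a string');
  const cleaned = raw
    .normalize('NFC')
    .replace(/[\u0000-\u001F\u007F]/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
  if (cleaned.length === 0 || cleaned.length > MAX_ADDRESS_LENGTH) {
    throw new RangeError('address length out of bounds');
  }
  return cleaned;
}

// Pattern to flag in review: stored value concatenated into markup as-is.
function renderAddressUnsafe(address) {
  return '<p class="address">' + address + '</p>';
}

// Hardened form: the value is encoded at the point of output, in both the
// attribute and the element body.
function renderAddressSafe(address) {
  const encoded = escapeHtml(address);
  return '<p class="address" title="' + encoded + '">' + encoded + '</p>';
}

// Constructed sample input containing markup and a quote character.
const sample = normalizeDetailedAddress('12 Example Rd "><script>alert(1)</script>');
```

Validation alone would still accept this sample, which is why the encoding step in `renderAddressSafe` is the control that matters at render time.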
Threat Metrics
- cvss_score: 5.1
- severity: Medium
- attack_vector: Network
- attack_complexity: Low