Mall — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Mall, with AI-generated Chinese analysis, references, and POCs.

Vendor: Weitong

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25858	macrozheng mall <= 1.0.3 Unauthenticated Password Reset via OTP Disclosure CWE-640	9.1	Critical	2026-02-07
CVE-2025-15118	macrozheng mall Member Endpoint update improper authorization CWE-285	4.3	Medium	2025-12-28
CVE-2025-13443	macrozheng mall delete access control CWE-284	5.4	Medium	2025-11-20
CVE-2025-9836	macrozheng mall paySuccess authorization CWE-639	4.3	Medium	2025-09-02
CVE-2025-9835	macrozheng mall cancelUserOrder cancelOrder authorization CWE-639	4.3	Medium	2025-09-02
CVE-2025-9514	macrozheng mall Registration weak password CWE-521	3.7	Low	2025-08-27
CVE-2025-8755	macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization CWE-639	5.3	Medium	2025-08-09
CVE-2025-8750	macrozheng mall Add Product Page upload cross site scripting CWE-79	2.4	Low	2025-08-09
CVE-2025-8742	macrozheng mall Admin Login excessive authentication CWE-307	3.7	Low	2025-08-08
CVE-2025-8741	macrozheng mall login cleartext transmission CWE-319	3.7	Low	2025-08-08
CVE-2025-8191	macrozheng mall Swagger UI index.html cross site scripting CWE-79	3.5	Low	2025-07-26
CVE-2025-4136	Weitong Mall Sale Endpoint improper authorization CWE-285	5.4	Medium	2025-04-30
CVE-2025-4119	Weitong Mall Product Statistics queryTotal access control CWE-284	5.3	Medium	2025-04-30
CVE-2025-4118	Weitong Mall Product History historyList access control CWE-284	5.3	Medium	2025-04-30
CVE-2024-11619	macrozheng mall JWT Token default key CWE-1394	5.0	Medium	2024-11-22
CVE-2022-4961	Weitong Mall OrderDao.xml sql injection CWE-89	5.5	Medium	2024-01-12

All 16 known CVE vulnerabilities affecting Mall with full Chinese analysis, references, and POCs where available.