CVE-2025-28094

Medium CVSS: 6.5

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

Vendor

Product

CWE

Yayın Tarihi

2025-03-28 22:15:18

Güncelleme

2025-04-07 14:09:44

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Shopxo MEDIUM Shopxo 2025

https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo

Medium

CVE-2025-5108

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Uplo…

Medium

CVE-2025-28092

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

Medium

CVE-2025-28093

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Critical

CVE-2025-26325

ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php.

Medium

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of…