jerryshensjf JPACookieShop Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in jerryshensjf JPACookieShop 蛋糕商城JPA版 (Cake Shop, JPA edition) in all revisions prior to commit 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. The issue arises in the goodsSearch function of the GoodsCustController.java file, where the keyword request parameter is written back into the HTML response without output encoding, so markup supplied by the requester is rendered rather than displayed as text. The vulnerability can be exploited remotely but requires user interaction: a victim must open an attacker-supplied link to the search endpoint.

Impact

Exploitation of this vulnerability allows reflected cross-site scripting: an attacker who lures a user into following a crafted search link can run arbitrary JavaScript in that user's browser within the origin of the shop, with access to whatever the user's session can see and do there.

Reproduction

To reproduce this vulnerability, send a GET request to the /goods_search endpoint with a crafted keyword parameter that includes a script tag (URL-encode the payload in the query string). In an affected revision the response contains the tag verbatim and the browser executes the injected script, demonstrating the cross-site scripting vulnerability. In a fixed revision the same request should return the keyword with its angle brackets HTML-entity-encoded (for example &lt;script&gt;), which is the check to use when confirming remediation.
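The following helper, added here as an example and not code from the JPACookieShop project or the original advisory, builds the proof-of-concept request described above and classifies how a response reflects the keyword. The host http://localhost:8080 and the two sample response bodies are assumptions constructed for this example; the real page markup of the shop is not shown on this page.

```python
"""Added example (not JPACookieShop code): PoC URL builder and a reflection
check for the /goods_search keyword parameter described in the advisory.
The base URL and the sample response bodies below are constructed
assumptions, not captured from the real application.
"""
import html
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:8080"  # assumed host; not stated in the advisory
PAYLOAD = "<script>alert(document.domain)</script>"


def build_poc_url(keyword: str, base_url: str = BASE_URL) -> str:
    """Return the GET URL for /goods_search with keyword URL-encoded,
    so that the raw angle brackets survive the query string intact."""
    query = urllib.parse.urlencode({"keyword": keyword})
    return f"{base_url}/goods_search?{query}"


def classify_reflection(body: str, payload: str) -> str:
    """Classify how a response body reflects the payload.

    'unescaped' - payload appears verbatim: the tag is live, exploitable.
    'escaped'   - only the HTML-entity-encoded form appears: remediated.
    'absent'    - the keyword is not reflected in the response at all.
    """
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    return "absent"


def fetch_and_classify(keyword: str = PAYLOAD, base_url: str = BASE_URL) -> str:
    """Send the PoC request to a running instance and classify the response.
    Network access is required; the offline samples below exercise the
    same logic without a target."""
    url = build_poc_url(keyword, base_url)
    with urllib.request.urlopen(url, timeout=10) as resp:  # noqa: S310
        body = resp.read().decode(resp.headers.get_content_charset() or "utf-8")
    return classify_reflection(body, keyword)


# Constructed sample responses standing in for an affected and a fixed build.
VULNERABLE_BODY = (
    "<html><body><h2>Search results for: "
    "<script>alert(document.domain)</script></h2></body></html>"
)
FIXED_BODY = (
    "<html><body><h2>Search results for: "
    "&lt;script&gt;alert(document.domain)&lt;/script&gt;</h2></body></html>"
)

if __name__ == "__main__":
    print("PoC URL:", build_poc_url(PAYLOAD))
    print("affected build:", classify_reflection(VULNERABLE_BODY, PAYLOAD))
    print("fixed build:   ", classify_reflection(FIXED_BODY, PAYLOAD))
```

The distinction the classifier draws is the one that matters when verifying a fix: a remediated build still reflects the keyword, but only in entity-encoded form, so a check that merely greps for the string "script" in the response will report a false positive. On the Java side, the corresponding fix is to HTML-encode the keyword before it reaches the response (for example with Spring's HtmlUtils.htmlEscape, or by letting the template engine's escaped output expression render it) rather than concatenating the raw parameter into markup.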

Added: Jul 27, 2025, 5:20 AM
Updated: Jul 27, 2025, 5:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.