CVE-2023-36331

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

12/01/2026

Last modified:

12/01/2026

Description

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users&#39; order details via manipulation of the query parameter userId.

Impact

References to Advisories, Solutions, and Tools

https://github.com/Exrick/xmall/issues/100