What is CVE-2025-0400?

A medium-severity cross-site scripting vulnerability has been identified in StarSea99's Starsea-Mall version 1.0. Organizations using this software should prioritize patching to mitigate risks associated with remote exploitation.

What is the severity of CVE-2025-0400?

CVE-2025-0400 has a severity rating of MEDIUM with a CVSS base score of 5.1.

CVE-2025-0400 | Medium Vulnerability in StarSea99 Starsea-Mall

A vulnerability was found in StarSea99 starsea-mall 1.0, which has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross-site scripting. The attack may be initiated remotely, and the exploit has been disclosed to the public and may be used.

With a CVSS score of 5.1, this vulnerability is classified as medium severity. Organizations should address this vulnerability to mitigate potential risks of exploitation.

Risk to organizations includes unauthorized access to sensitive information resulting from successful exploitation of this cross-site scripting vulnerability. Organizations should prioritize patching immediately.

As of now, there is no confirmed public exploit available for this vulnerability, but organizations should remain vigilant as the exploit could be utilized in the wild.

Vulnerability Details

The vulnerability identified in StarSea99 starsea-mall allows attackers to execute arbitrary scripts in the context of the user's browser. This is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) and CWE-94 (Improper Control of Generation of Code ('Code Injection')).

The CVE was published on January 12, 2025, and has undergone analysis. The specific affected version is starsea-mall 1.0, and it has a reported attack vector of NETWORK with a low attack complexity.

Technical Analysis

The root cause of this vulnerability lies in the insufficient validation of the input received from the /admin/categories/update endpoint. Attackers can exploit this vulnerability by manipulating the categoryName argument, resulting in cross-site scripting.

The attack vector is network-based, and the complexity is low, meaning that it does not require advanced skills to exploit. High privileges are required to initiate the attack, and no user interaction is necessary. The confidentiality impact is none, while the integrity impact is low.

Risk & Impact Analysis

Organizations using StarSea99 starsea-mall should be aware that successful exploitation could lead to unauthorized actions being performed on behalf of users, compromising the integrity of the application. The potential blast radius includes all users interacting with the compromised application.

Given the reported CVSS score of 5.1, it is essential for organizations to address this vulnerability in their patch cycle. Organizations should schedule remediation to prevent exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of the product is starsea-mall 1.0. All versions prior to vendor patch are at risk.

Mitigation & Remediation

Organizations should implement the following mitigations to address this vulnerability:

1. Apply the latest security patches provided by StarSea99 to remediate the vulnerability.

2. Conduct regular security assessments and penetration testing to identify similar vulnerabilities.

3. Implement input validation and output encoding to prevent cross-site scripting attacks.

For more comprehensive security strategies, organizations can explore our penetration testing services.

Detection Guidance

Organizations should monitor logs for unusual activity related to the /admin/categories/update endpoint. They should also look for behavioral anomalies that could indicate exploitation attempts.

Implementing network signatures can help detect potential exploitation traffic, while monitoring system changes can provide early indicators of compromise.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-0400 highlights the ongoing risk of cross-site scripting vulnerabilities in web applications. Organizations must recognize that even medium-severity vulnerabilities can pose significant threats if left unaddressed.

This vulnerability represents a pattern of vulnerabilities that often arise from inadequate input validation. Security teams should take preventive measures to strengthen their application security posture.

For further reading on application security best practices, refer to our blog on application security assessments and explore our comprehensive guide on penetration testing methodologies to better understand how to safeguard your applications.

Finally, organizations should prioritize building a robust security culture that emphasizes continuous learning and adaptation to emerging threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0400: Medium Vulnerability in StarSea99 Starsea-Mall