Browse all 7 CVE security advisories affecting Tmall. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Tmall operates as a major Chinese e-commerce platform facilitating business-to-consumer transactions. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from web application misconfigurations and input validation flaws. The platform's extensive user base and transaction volume make it an attractive target for threat actors. While no major public security incidents have been widely documented, its 7 recorded CVEs highlight ongoing security challenges typical of large-scale online marketplaces. The platform's security posture reflects common industry issues related to complex web applications handling sensitive financial and personal data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5136 | Tmall Demo Payment Identifier pay random values — DemoCWE-330 | 3.7 | Low | 2025-05-24 |
| CVE-2025-5135 | Tmall Demo Product Details Page admin cross site scripting — DemoCWE-79 | 2.4 | Low | 2025-05-24 |
| CVE-2025-5134 | Tmall Demo Buy Item Page cross site scripting — DemoCWE-79 | 3.5 | Low | 2025-05-24 |
| CVE-2025-5133 | Tmall Demo Search Box cross site scripting — DemoCWE-79 | 4.3 | Medium | 2025-05-24 |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery — DemoCWE-352 | 4.3 | Medium | 2025-05-24 |
| CVE-2025-5131 | Tmall Demo uploadCategoryImage unrestricted upload — DemoCWE-434 | 4.7 | Medium | 2025-05-24 |
| CVE-2025-5130 | Tmall Demo uploadProductImage unrestricted upload — DemoCWE-434 | 4.7 | Medium | 2025-05-24 |
This page lists every published CVE security advisory associated with Tmall. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.