Vulnerabilities > CVE-2022-23059 - Unspecified vulnerability in Shopizer

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

shopizer

NVD

Published: 2022-03-29

Updated: 2024-11-21

Summary

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

Vulnerable Configurations

Part	Description	Count
Application	Shopizer Shopizer Shopizer 2.0 Shopizer Shopizer 2.0.1 Shopizer Shopizer 2.0.2 Shopizer Shopizer 2.0.2.1 Shopizer Shopizer 2.0.3 Shopizer Shopizer 2.0.4 Shopizer Shopizer 2.0.5 Shopizer Shopizer 2.0.6 Shopizer Shopizer 2.2.0 Shopizer Shopizer 2.3.0 Shopizer Shopizer 2.4.0 Shopizer Shopizer 2.5.0 Shopizer Shopizer 2.6.0 Shopizer Shopizer 2.7.0 Shopizer Shopizer 2.8.0 Shopizer Shopizer 2.9.0 Shopizer Shopizer 2.10.0 Shopizer Shopizer 2.11.0 Shopizer Shopizer 2.13.0 Shopizer Shopizer 2.14.0 Shopizer Shopizer 2.14.1 Shopizer Shopizer 2.15.0 Shopizer Shopizer 2.16.0 Shopizer Shopizer 2.17.0	24

Summary

Vulnerable Configurations

References