Vulnerabilities > Shopizer

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-24	CVE-2021-33561	Cross-site Scripting vulnerability in Shopizer A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. network low complexity shopizer CWE-79	4.8
2021-05-24	CVE-2021-33562	Cross-site Scripting vulnerability in Shopizer A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. network low complexity shopizer CWE-79	4.8
2020-05-08	CVE-2020-11006	Cross-site Scripting vulnerability in Shopizer In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. network low complexity shopizer CWE-79	5.4
2020-04-16	CVE-2020-11007	Improper Input Validation vulnerability in Shopizer In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. network low complexity shopizer CWE-20	6.5

Vulnerabilities > Shopizer {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Shopizer"}]}