Vulnerabilities > Shopizer
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-03 | CVE-2022-23063 | Insufficient Session Expiration vulnerability in Shopizer In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. | 8.8 |
2022-05-01 | CVE-2022-23060 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab | 4.8 |
2022-05-01 | CVE-2022-23061 | Authorization Bypass Through User-Controlled Key vulnerability in Shopizer In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. | 6.5 |
2022-03-29 | CVE-2022-23059 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 4.8 |
2021-05-24 | CVE-2021-33561 | Cross-site Scripting vulnerability in Shopizer A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. | 4.8 |
2021-05-24 | CVE-2021-33562 | Cross-site Scripting vulnerability in Shopizer A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. | 4.8 |
2020-05-08 | CVE-2020-11006 | Cross-site Scripting vulnerability in Shopizer In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. | 5.4 |
2020-04-16 | CVE-2020-11007 | Improper Input Validation vulnerability in Shopizer In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. | 6.5 |