Vulnerabilities > Shopizer > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-01 | CVE-2022-23060 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab | 3.5 |
| 2022-03-29 | CVE-2022-23059 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 3.5 |
| 2021-05-24 | CVE-2021-33562 | Cross-site Scripting vulnerability in Shopizer A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. | 3.5 |
| 2021-05-24 | CVE-2021-33561 | Cross-site Scripting vulnerability in Shopizer A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. | 3.5 |
| 2020-05-08 | CVE-2020-11006 | Cross-site Scripting vulnerability in Shopizer In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. | 3.5 |