Vulnerabilities > Shopizer > Shopizer > 2.14.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-03 | CVE-2022-23063 | Insufficient Session Expiration vulnerability in Shopizer In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. | 6.5 |
2022-05-01 | CVE-2022-23060 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab | 3.5 |
2022-05-01 | CVE-2022-23061 | Authorization Bypass Through User-Controlled Key vulnerability in Shopizer In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. | 5.5 |
2022-03-29 | CVE-2022-23059 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 3.5 |
2021-05-24 | CVE-2021-33561 | Cross-site Scripting vulnerability in Shopizer A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. | 3.5 |
2021-05-24 | CVE-2021-33562 | Cross-site Scripting vulnerability in Shopizer A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. | 3.5 |