Vulnerabilities > Shopizer > Shopizer > 2.15.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-24 CVE-2021-33561 Cross-site Scripting vulnerability in Shopizer
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration.
network
low complexity
shopizer CWE-79
4.8
4.8
2021-05-24 CVE-2021-33562 Cross-site Scripting vulnerability in Shopizer
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.
network
low complexity
shopizer CWE-79
4.8
4.8