Vulnerabilities > Shopizer > Shopizer > 2.17.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-03 | CVE-2022-23063 | Insufficient Session Expiration vulnerability in Shopizer In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. | 6.5 |
2022-05-01 | CVE-2022-23060 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab | 3.5 |
2022-05-01 | CVE-2022-23061 | Authorization Bypass Through User-Controlled Key vulnerability in Shopizer In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. | 5.5 |
2022-03-29 | CVE-2022-23059 | Cross-site Scripting vulnerability in Shopizer A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 3.5 |