Vulnerabilities > Shopizer > Shopizer > 2.17.0

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-23063 Insufficient Session Expiration vulnerability in Shopizer
In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration.
network
low complexity
shopizer CWE-613
6.5
6.5
2022-05-01 CVE-2022-23060 Cross-site Scripting vulnerability in Shopizer
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab
network
shopizer CWE-79
3.5
3.5
2022-05-01 CVE-2022-23061 Authorization Bypass Through User-Controlled Key vulnerability in Shopizer
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
shopizer CWE-639
5.5
5.5
2022-03-29 CVE-2022-23059 Cross-site Scripting vulnerability in Shopizer
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
network
shopizer CWE-79
3.5
3.5