CVE-2020-11006

Summary

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

Affected Software

VendorProductVersion RangeStatus
shopizer-ecommerceshopizer< 2.11.0affected

Weaknesses

  • XSS in Shopizer

ADP Enrichment

CVE Program Container

Additional References

References