CVE-2022-23059

Summary

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

Affected Software

VendorProductVersion RangeStatus
shopizer-ecommerceShopizer2.0 < unspecifiedaffected
shopizer-ecommerceShopizerunspecified <= 2.17.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References