CVE-2022-23060

Summary

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab

Affected Software

VendorProductVersion RangeStatus
shopizer-ecommerceShopizer2.0 < unspecifiedaffected
shopizer-ecommerceShopizerunspecified <= 2.17.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References