CVE-2020-11006

Published May 8th, 2020

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

3.5

LOW

Affected

PROJECT

Description

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

shopizer-ecommerce/shopizer

Shopizer java e-commerce software

GitHub

3.91K