CVE-2022-23059

Published March 29th, 2022

View on NVD ↗

CVSS v3

4.8

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

shopizer-ecommerce/shopizer

Shopizer java e-commerce software

GitHub

3.91K