Lucene search

[email protected]CVE-2021-33562

HistoryMay 24, 2021 - 11:15 p.m.

CVE-2021-33562

2021-05-2423:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-33562

shopizer

xss

vulnerability

web script

html

nvd

security

remote attackers

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

Affected configurations

NVD

Node

shopizershopizerRange<2.17.0

CPENameOperatorVersion
shopizer:shopizershopizerlt2.17.0

CPE	Name	Operator	Version
shopizer:shopizer	shopizer	lt	2.17.0

References

github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271

github.com/shopizer-ecommerce/shopizer/compare/2.16.0...2.17.0

www.exploit-db.com/exploits/49901

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for CVE-2021-33562

nvd1 github1 osv2 cvelist1 prion1 exploitdb1