A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
CPE | Name | Operator | Version |
---|---|---|---|
com.shopizer:shopizer | eq | 2.16.0 |