Information disclosure

2020-05-0819:15:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

CPENameOperatorVersion
shopizerlt2.11.0

CPE	Name	Operator	Version
	shopizer	lt	2.11.0

References

github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a

github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-8pc4-gvfw-634p