Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Shopizer Security Vulnerabilities

cve
cve

CVE-2022-23063

In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was...

8.8CVSS

8.6AI Score

0.001EPSS

2022-05-03 09:15 AM
678
cve
cve

CVE-2022-23060

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files”...

4.8CVSS

4.7AI Score

0.001EPSS

2022-05-01 01:15 PM
58
cve
cve

CVE-2022-23061

In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR)...

6.5CVSS

6.4AI Score

0.001EPSS

2022-05-01 01:15 PM
52
2
cve
cve

CVE-2022-23059

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript...

4.8CVSS

4.7AI Score

0.001EPSS

2022-03-29 11:15 AM
84
cve
cve

CVE-2021-33562

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref=...

4.8CVSS

4.9AI Score

0.002EPSS

2021-05-24 11:15 PM
85
cve
cve

CVE-2021-33561

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when...

4.8CVSS

4.9AI Score

0.002EPSS

2021-05-24 11:15 PM
89
cve
cve

CVE-2020-11006

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version...

5.4CVSS

5.4AI Score

0.001EPSS

2020-05-08 07:15 PM
116
cve
cve

CVE-2020-11007

In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

6.5CVSS

6.3AI Score

0.001EPSS

2020-04-16 07:15 PM
46