Lucene search
K

5 matches found

CNNVD
CNNVD
added 2026/04/30 12:0 a.m.12 views

Shopizer 路径遍历漏洞

Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a path traversal vulnerability. This vulnerability stems from the /content/images/add endpoint, where path traversal is possible, allowing attackers to write arbitrary...

10CVSS5.9AI score0.00412EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36766

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.3AI score0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.10 views

CVE-2026-36766

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

5.4CVSS5.3AI score0.00138EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.7 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

8.1CVSS6.8AI score0.00202EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/08/22 12:0 a.m.4 views

Shopizer 安全漏洞

Shopizer is a Java-based open source e-commerce solution from the Shopizer team. A security vulnerability exists in Shopizer version 3.2.7, which stems from a CORS implementation that does not validate the Origin header, which could result in a cross-domain read of a sensitive response...

8.1CVSS6.6AI score0.00202EPSS
Exploits1References3
Rows per page
Query Builder