20 matches found

Snyk
added 2026/04/30 6:30 p.m. | 6 views

Directory Traversal

Overview: com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Directory Traversal through the /api/v1/private/content/images/add endpoint when processing crafted POST requests while configured with the httpd local filesystem storage...

CVSS 10 | AI score 6.3 | EPSS 0.00091
Exploits 0 | References 2

Positive Technologies
added 2026/04/30 12:0 a.m. | 1 view

PT-2026-36156

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the getInputStream or getReader functions...

CVSS 5.4 | AI score 5.3 | EPSS 0.00034
Exploits 0 | References 3

Vulnrichment
added 2026/04/30 12:0 a.m. | 0 views

CVE-2026-36766

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the getInputStream or getReader functions...

AI score 5.3 | EPSS 0.00034
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1395

Malware in sbrugna...

CVSS 4.8 | AI score 4.9 | EPSS 0.00715
Exploits 2 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1250

Malware in sbrugna...

CVSS 4.8 | AI score 4.9 | EPSS 0.00316
Exploits 2 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-3399

Malware in sbrugna...

CVSS 9.1 | AI score 5.6 | EPSS 0.00267
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0396

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00296
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4879

Malware in sbrugna...

CVSS 6.4 | AI score 6.4 | EPSS 0.0618
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-28170

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00271
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-28169

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.2 | EPSS 0.00235
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-1486

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.4 | EPSS 0.00235
Exploits 1 | References 4

NVD
added 2025/08/22 4:15 p.m. | 3 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

CVSS 8.1 | EPSS 0.00052
Exploits 1 | References 1

CVE
added 2025/08/22 12:0 a.m. | 13 views

CVE-2025-51605

CVE-2025-51605 affects Shopizer 3.2.7. The server’s CORS implementation reflects the Origin header verbatim into Access-Control-Allow-Origin and enables Access-Control-Allow-Credentials: true, allowing authenticated cross-origin requests and read of sensitive responses. Supported by multiple sour...

CVSS 8.1 | AI score 6.2 | EPSS 0.00052
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2025/08/22 12:0 a.m. | 6 views

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

EPSS 0.00052
Exploits 1 | References 1

RedhatCVE
added 2025/05/22 7:48 p.m. | 5 views

CVE-2021-33561

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

CVSS 4.8 | AI score 5.4 | EPSS 0.00715
Exploits 2 | References 1

RedhatCVE
added 2025/05/22 5:24 p.m. | 3 views

CVE-2020-11007

In Shopizer before version 2.11.0, when using the API- or Controller-based versions, a negative quantity is not adequately validated, creating an incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version...

CVSS 6.5 | AI score 6.3 | EPSS 0.00296
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 2:10 p.m. | 6 views

CVE-2020-11006

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from the backend. This has been patched in version 2.11.0...

CVSS 9.1 | AI score 6.5 | EPSS 0.00267
Exploits 0 | References 1

NVD
added 2021/05/24 11:15 p.m. | 9 views

CVE-2021-33562

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL...

CVSS 4.8 | EPSS 0.00316
Exploits 2 | References 3

CNNVD
added 2021/05/24 12:0 a.m. | 1 view

Shopizer Cross-Site Scripting Vulnerability

Shopizer is a Java open source e-commerce software. A cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability by using the ref parameter to inject arbitrary Web script or HTML into a page about any product...

CVSS 4.8 | AI score 5.5 | EPSS 0.00316
Exploits 2 | References 3

CNVD
added 2020/05/09 12:0 a.m. | 1 view

Shopizer Cross-Site Scripting Vulnerability

Shopizer is a set of Java-based open source e-commerce solutions from the Shopizer team. A security vulnerability exists in Shopizer versions prior to 2.11.0. An attacker can exploit the vulnerability to inject a script and save it in the database to execute the script...

CVSS 9.1 | AI score 7 | EPSS 0.00267
Exploits 0 | References 1