CVE-2014-4965
CVE-2014-4965 describes multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via: (1) customername in central/orders/searchcriteria.action; (2) productname in central/catalog/productlist.action; ...