CVE-2020-20508
Shopkit v2.7 contains a reflective XSS in the /account/register flow. The vulnerability stems from unsanitized input in the E‑Mail text field, allowing an attacker to craft payloads that hijack user credentials. Affected component: Shopkit account registration. Root cause: inadequate input saniti...