2 matches found
CVE-2021-33561
A stored cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...
CVE-2021-33561
Shopizer prior to 2.17.0 contains a stored XSS vulnerability in the customer_name field across store administration forms (e.g., admin/customers/list.html). The payload is saved in the database and executed for any admin user when data is fetched from the backend. This affects the Java-based Shop...