2 matches found
CVE-2021-33562
A reflected cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL...
CVE-2021-33562
Shopizer up to version 2.17.0 is affected by a reflected XSS vulnerability that can be triggered via the ref parameter on product pages (e.g., product/insert-product-name-here.html/ref=). The issue affects the way the application handles user-supplied input in the product page context, allowing a...