
9 matches found

RedhatCVE
added 2026/06/05 7:48 p.m. | 4 views

CVE-2026-36766

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

CVSS 5.4 | AI score 5.6 | EPSS 0.00138
Exploits: 0 | References: 1

GitHub Security Blog
added 2026/04/30 6:30 p.m. | 8 views

Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/04/30 6:30 p.m. | 5 views

GHSA-FQCW-2XHJ-P63G Shopizer is vulnerable to Cross-site Scripting

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 3

Cvelist
added 2026/04/30 12:0 a.m. | 27 views

CVE-2026-36766

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

EPSS 0.00138
Exploits: 0 | References: 2

CNNVD
added 2026/04/30 12:0 a.m. | 7 views

Shopizer Cross-Site Scripting Vulnerability

Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a cross-site scripting vulnerability. This vulnerability stems from the XssHttpServletRequestWrapper class, which has multiple authenticated cross-site scripting...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 1

CVE
added 2026/04/30 12:0 a.m. | 8 views

CVE-2026-36766

CVE-2026-36766 describes multiple authenticated XSS vulnerabilities in the XssHttpServletRequestWrapper class of Shopizer v3.2.5. The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload through getInputStream() or getReader(). The CVE entry notes the att...

CVSS 5.4 | AI score 5.3 | EPSS 0.00138
Exploits: 0 | References: 2

OSV
added 2020/06/24 1:51 a.m. | 6 views

OSV-2020-110 Heap-buffer-overflow in parquet::internal::RecordReader::Make

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20989 Crash type: Heap-buffer-overflow READ 8 Crash state: parquet::internal::RecordReader::Make parquet::arrow::LeafReader::LeafReader parquet::arrow::GetReader...

AI score 7.2
Exploits: 0 | References: 1

Packet Storm
added 2017/04/09 12:0 a.m. | 68 views

WebKit constructJSReadableStreamDefaultReader Type Confusion

WebKit: Type confusion in constructJSReadableStreamDefaultReader CVE-2017-2457 EncodedJSValue JSCHOSTCALL constructJSReadableStreamDefaultReaderExecState& exec VM& vm = exec.vm; auto scope = DECLARETHROWSCOPEvm; JSReadableStream stream = jsDynamicDowncastexec.argument0; if !stream return...

CVSS 6.8 | AI score 0.7 | EPSS 0.06296
Exploits: 3

0day.today
added 2017/04/05 12:0 a.m. | 41 views

Apple WebKit 10.0.2(12602.3.12.0.1, r210800) - constructJSReadableStreamDefaultReader Type Confusion

Exploit for multiple platform in category web applications exec.argument0; if !stream return throwArgumentTypeErrorexec, scope, 0, "stream", "ReadableStreamReader", nullptr, "ReadableStream"; JSValue jsFunction = stream-get&exec, Identifier::fromString&exec, "getReader"; let rs = new...

CVSS 6.8 | AI score 8.7 | EPSS 0.06296
Exploits: 3