141 matches found
Shopizer is vulnerable to Cross-site Scripting
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
Cross-site Scripting (XSS)
Overview com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInputStream or getReader functions in the XssHttpServletRequestWrapper class. An attacker can inject and execute arbitrary web scripts or...
GHSA-FQCW-2XHJ-P63G Shopizer is vulnerable to Cross-site Scripting
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer through version 3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
Directory Traversal
Overview com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Directory Traversal through the /api/v1/private/content/images/add endpoint when processing crafted POST requests while configured with the httpd local filesystem storage...
Shopizer has a path traversal issue
A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
GHSA-F5W4-7CCJ-5M75 Shopizer has a path traversal issue
A path traversal vulnerability in the /content/images/add endpoint of shopizer through version 3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
Shopizer 路径遍历漏洞
Shopizer is an open-source e-commerce solution developed by the Shopizer team, based on Java. Version 3.2.5 of Shopizer contains a path traversal vulnerability. This vulnerability stems from the /content/images/add endpoint, where path traversal is possible, allowing attackers to write arbitrary...
PT-2026-36156
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
PT-2026-36133
Name of the Vulnerable Software and Affected Versions shopizer version 3.2.5 Description A path traversal issue in the '/content/images/add' endpoint allows attackers to write arbitrary files to any writable path using a crafted POST request. Path traversal is a technique that allows an attacker ...
CVE-2026-36766
CVE-2026-36766 describes multiple authenticated XSS vulnerabilities in the XssHttpServletRequestWrapper class of Shopizer v3.2.5. The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload through getInputStream() or getReader(). The CVE entry notes the att...
CVE-2026-36767
shopizer 3.2.5 is affected by a path traversal vulnerability in the /content/images/add endpoint that allows an attacker to write arbitrary files to any writable path via a crafted POST request. This is a high-impact issue (CVSS v3.1: 10.0, critical, network access, no authentication, user intera...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
CVE-2026-36766
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
EUVD-2026-26401
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...
EUVD-2026-26406
Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...
CVE-2026-36767
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request...