CVE-2022-23060

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/com.shopizer/shopizer

Identifiers

CVE-2022-23060

Package Slug

maven/com.shopizer/shopizer

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab

Affected Versions

All versions starting from 2.0 up to 2.17.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-05-09

source