CVE-2022-23060
maven/com.shopizer/shopizer
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab
All versions starting from 2.0 up to 2.17.0
Unfortunately, there is no solution available yet.
2022-05-09
source |