Advisories for Maven/Com.shopizer/Shopizer package

2022

Insufficient Session Expiration

Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password is changed by the user or by an administrator, a user who was already logged in still has access to the application even after the password has been changed.

2021

Cross-site Scripting

A reflected cross-site scripting (XSS) vulnerability in Shopizer allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

2020

Improper Input Validation

In Shopizer, in both the API-based and Controller-based versions, a negative quantity is not adequately validated, which produces incorrect shopping cart and order totals. This vulnerability makes it possible to create a negative total in the shopping cart.