CVE-2022-23060: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab
References
Detect and mitigate CVE-2022-23060 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →