Moderate severityNVD Advisory· Published Mar 29, 2022· Updated Sep 16, 2024
Shopizer - Stored XSS in Manage Images
CVE-2022-23059
Description
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.shopizer:shopizerMaven | >= 2.0.2, < 3.0.0 | 3.0.0 |
Affected products
2- Range: 2.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-p2j7-6g9h-32xhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23059ghsaADVISORY
- github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287eghsax_refsource_CONFIRMWEB
- www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23059ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.