Shopify · Smart Search & Filter · CVE-2025-55998
Name of the Vulnerable Software and Affected Versions:
Smart Search & Filter Shopify App version 1.0
Description:
A cross-site scripting (XSS) vulnerability exists in Smart Search & Filter Shopify App. A remote attacker can execute arbitrary JavaScript in a user's web browser by including a malicious payload into the color filter parameter.
Recommendations:
Sanitize user input for the color filter parameter to prevent the injection of malicious JavaScript code.