CVE-2021-33562

Name of the Vulnerable Software and Affected Versions Shopizer versions prior to 2.17.0

Description A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, for example, a "product/insert-product-name-here.html/ref=" URL. This enables attackers to execute malicious scripts on the client-side.

Recommendations For versions prior to 2.17.0, update to version 2.17.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ref parameter in the affected URL to minimize the risk of exploitation.