PT-2022-15819 · Shopizer · Shopizer

Published: 2022-03-29 · Updated: 2022-04-08 · CVE-2022-23059

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Shopizer versions 2.0 through 2.17.0

Description

A stored cross-site scripting (XSS) vulnerability exists in Shopizer via the “Manage Images” tab, which allows an attacker to upload an SVG file containing malicious JavaScript code.

Recommendations

For versions 2.0 through 2.17.0, consider disabling the image upload functionality in the "Manage Images" tab until a patch is available, to prevent exploitation of the stored cross-site scripting (XSS) vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-23059
GHSA-P2J7-6G9H-32XH

Affected Products

Shopizer