CVE-2022-23060

Name of the Vulnerable Software and Affected Versions Shopizer versions 2.0 through 2.17.0

Description A Stored Cross Site Scripting (XSS) issue exists, where a privileged user can inject malicious JavaScript in the filename under the “Manage files” tab. This allows an attacker to potentially execute malicious code.

Recommendations For Shopizer versions 2.0 through 2.17.0, consider restricting access to the "Manage files" tab to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of privileged users to inject malicious JavaScript in filenames. At the moment, there is no information about a newer version that contains a fix for this issue.