PT-2025-36477 · Shopify · Smart Search & Filter
Ocmenog
·
Published
2025-09-08
·
Updated
2025-09-12
·
CVE-2025-55998
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Smart Search & Filter Shopify App version 1.0
Description:
A cross-site scripting (XSS) vulnerability exists in Smart Search & Filter Shopify App. A remote attacker can execute arbitrary JavaScript in a user's web browser by including a malicious payload into the color filter parameter.
Recommendations:
Sanitize user input for the color filter parameter to prevent the injection of malicious JavaScript code.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Smart Search & Filter