PT-2025-36477 · Shopify · Smart Search & Filter

Ocmenog

Published

2025-09-08

Updated

2025-09-08

CVE-2025-55998

Report an issue

CVSS v3.1

8.1

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions:

Smart Search & Filter Shopify App version 1.0

Description:

A cross-site scripting (XSS) vulnerability exists in Smart Search & Filter Shopify App. A remote attacker can execute arbitrary JavaScript in a user's web browser by including a malicious payload into the color filter parameter.

Recommendations:

Sanitize user input for the color filter parameter to prevent the injection of malicious JavaScript code.

Exploit

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-55998

Affected Products

Smart Search & Filter

PT-2025-36477 · Shopify · Smart Search & Filter

Weakness Enumeration

Related Identifiers

Affected Products

References · 4