Описание
Cross site scripting in Shopizer
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions v2.0.2 through v2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
Пакеты
Наименование
com.shopizer:shopizer
maven
Затронутые версииВерсия исправления
>= 2.0.2, < 3.0.0
3.0.0
Связанные уязвимости
CVSS3: 4.8
nvd
почти 4 года назад
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.