com.shopizer:shopizer
Maven5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.shopizer:shopizerpage 1 of 1
- CVE-2021-33561MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.17.02021-05-24
vulnerable: 2.16.0
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is…
- CVE-2021-33562MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.17.02021-05-24
vulnerable: 2.16.0
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-h…
- CVE-2022-23059MEDIUMCVSS 4.8EG 4.8✓ Fixed in 3.0.02022-03-29
vulnerable: 2.16.0
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
- CVE-2026-36766MEDIUMCVSS 5.4EG 5.42026-04-30
vulnerable: 2.16.0
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStrea…
- CVE-2026-36767CRITICALCVSS 10.0EG 10.02026-04-30
vulnerable: 2.16.0
A path traversal vulnerability in the /content/images/add endpoint of shopizer v3.2.5 allows attackers write arbitrary files to any writeable path via a crafted POST request.
Check whether com.shopizer:shopizer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.shopizer:shopizer CVEs against the assets you own.
Start Free Scan →