A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.shopizer:shopizer(Maven) | 2.0.2 | 3.0.0 | N/A |
CVSS Metrics
