Shopizer

3 exploits, active since Mar 2022
CVE-2022-23059 MEDIUM WRITEUP
Shopizer 2.0-2.17.0 - Stored Cross-Site Scripting via SVG File Upload in Manage Images Tab
A Stored Cross-Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload an SVG file containing malicious JavaScript code.
CVSS 4.8
CVE-2022-23060 MEDIUM WRITEUP
Shopizer 2.0-2.17.0 - Stored Cross-Site Scripting via Manage Files Filename
A Stored Cross-Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab.
CVSS 4.8
CVE-2022-23061 MEDIUM WRITEUP
Shopizer 2.0-2.17.0 - Insecure Direct Object Reference to Superadmin Deletion
In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via an Insecure Direct Object Reference (IDOR) vulnerability.
CVSS 6.5