CVE-2020-11006

CRITICAL

Shopizer < 2.11.0 - Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

Scores

CVSS v3 9.1
EPSS 0.0063
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Details

CWE
CWE-79
Status published
Products (1)
shopizer/shopizer < 2.11.0
Published May 08, 2020
Tracked Since Feb 18, 2026