CVE-2025-55998
HIGHSmart Search & Filter Shopify/BigCommerce - XSS
Title source: llmDescription
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter
Exploits (1)
Scores
CVSS v3
8.1
EPSS
0.0004
EPSS Percentile
11.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
mezereon/smart_search_and_filter
1.0
Published
Sep 08, 2025
Tracked Since
Feb 18, 2026