ByteOS Network

NVD Vulnerability Details :

CVE-2022-23059

Analyzed

Source-vulnerabilitylab@mend.io

Published At-29 Mar, 2022 | 11:15

Updated At-08 Apr, 2022 | 10:41

A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

shopizer>>shopizer>>Versions from 2.0(inclusive) to 2.17.0(inclusive)

cpe:2.3:a:shopizer:shopizer:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	vulnerabilitylab@mend.io

CWE ID: CWE-79

Type: Primary

Source: vulnerabilitylab@mend.io

References

Hyperlink	Source	Resource
https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e	vulnerabilitylab@mend.io	Patch Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23059	vulnerabilitylab@mend.io	Exploit Third Party Advisory

Hyperlink: https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e

Source: vulnerabilitylab@mend.io

Resource:

Patch

Third Party Advisory

Hyperlink: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23059

Source: vulnerabilitylab@mend.io

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History