Mend Vulnerability Database
Date: March 29, 2022
Details: A Stored Cross Site Scripting via “Manage Images” tab
PoC Details:
1. Access “/admin/login.html” URL and login using the credentials “testuser:password”.
3. Run a simple HTTP server that serves an “xss.js” file with the content “alert("XSS");”.
4. The uploaded SVG file can be found under “Manage images”; to access it, choose “open image in new tab”.
5. An external JS file has been loaded into the application and triggered an XSS.
Affected Environments: Shopizer versions v2.0.2 through v2.17.0
Prevention: Upgrade to Shopizer version 3.0.0
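A server-side check for this class of bug, as an added example (not Shopizer's code and not its 3.0.0 fix): it lists the active content in an uploaded SVG so the upload can be rejected before it is stored. The function name, the element list and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
URL_ATTRS = {"href", "src"}  # matched after stripping the namespace (covers xlink:href)

def local(name):
    """Strip the XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list:
    """Return the reasons an uploaded SVG must not be stored and served inline."""
    upper = data.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DOCTYPE/ENTITY declaration"]  # refuse DTDs before parsing
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):  # onload, onclick, ...
                findings.append(f"event handler {attr}")
            # Conservative policy: only same-document fragment references pass,
            # which also rejects javascript: and data: URLs.
            elif attr in URL_ATTRS and not value.strip().startswith("#"):
                findings.append(f"external reference {attr}={value!r}")
    return findings

# Constructed samples: one SVG that references a script on another host,
# one harmless drawing with an internal reference.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script xlink:href="http://files.example.test/xss.js"/>
</svg>"""
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
              b'<circle r="4"/><use href="#a"/></svg>')

if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, svg_findings(sample) or "clean")
```

Serving user-uploaded images with `Content-Disposition: attachment` or from a separate origin limits the impact if a file slips past a check like this.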
Good to know:
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | High |
| User Interaction (UI): | Required |
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |