Lucene search

MitreCVE-2021-33562

HistoryMay 24, 2021 - 11:15 p.m.

CVE-2021-33562

2021-05-2423:15:08

CWE-79

mitre

web.nvd.nist.gov

cve-2021-33562

shopizer

xss

vulnerability

web script

html

nvd

security

remote attackers

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.6%

JSON

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

Affected configurations

Nvd

Node

shopizershopizerRange<2.17.0

VendorProductVersionCPE
shopizershopizer*cpe:2.3:a:shopizer:shopizer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shopizer	shopizer	*	cpe:2.3:a:shopizer:shopizer::::::::

References

github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271

github.com/shopizer-ecommerce/shopizer/compare/2.16.0...2.17.0

www.exploit-db.com/exploits/49901

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2021-33562