CVE-2020-11006

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-11006

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11006.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11006

Related

GHSA-8pc4-gvfw-634p

Published

2020-05-08T19:15:12.863Z

Modified

2026-03-13T22:01:07.361405Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.

References

Affected packages

Git / github.com/shopizer-ecommerce/shopizer

Affected ranges

Type: GIT
Repo: https://github.com/shopizer-ecommerce/shopizer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

929ca0839a80c6f4dad087e0259089908787ad2a

Type: GIT
Repo: https://github.com/shopizer-ecommerce/shopizer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

929ca0839a80c6f4dad087e0259089908787ad2a

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11006.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.11.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.11.0"
            }
        ]
    }
]