CVE-2023-33725
- Source
- https://cve.org/CVERecord?id=CVE-2023-33725
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33725.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-33725
- Aliases
- Published
- 2023-06-21T16:15:11.413Z
- Modified
- 2026-04-10T04:58:15.251075Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
- References
Affected packages
Git / github.com/broadleafcommerce/broadleafcommerce
Affected versions
broadleaf-5.*
broadleaf-5.0.0-GA
broadleaf-5.0.1-GA
broadleaf-5.0.2-GA
broadleaf-5.2.0-GA
broadleaf-5.2.0-M1
broadleaf-5.2.0-M2
broadleaf-5.2.0-RC1
broadleaf-5.2.0-RC2
broadleaf-5.2.1-GA
broadleaf-5.2.10-GA
broadleaf-5.2.11-GA
broadleaf-5.2.12-GA
broadleaf-5.2.13-GA
broadleaf-5.2.14-GA
broadleaf-5.2.15-GA
broadleaf-5.2.15-M1
broadleaf-5.2.16-GA
broadleaf-5.2.17-GA
broadleaf-5.2.18-GA
broadleaf-5.2.19-GA
broadleaf-5.2.19-M1
broadleaf-5.2.2-GA
broadleaf-5.2.20-GA
broadleaf-5.2.21-GA
broadleaf-5.2.21-M1
broadleaf-5.2.21-M2
broadleaf-5.2.22-GA
broadleaf-5.2.23-GA
broadleaf-5.2.24-GA
broadleaf-5.2.25-GA
broadleaf-5.2.3-GA
broadleaf-5.2.3-M1
broadleaf-5.2.3-M2
broadleaf-5.2.3-M3
broadleaf-5.2.3-M5
broadleaf-5.2.3-M6
broadleaf-5.2.3-M7
broadleaf-5.2.4-GA
broadleaf-5.2.4-M1
broadleaf-5.2.4-M3
broadleaf-5.2.5-GA
broadleaf-5.2.5-M1
broadleaf-5.2.5-M2
broadleaf-5.2.5-M3
broadleaf-5.2.5-M4
broadleaf-5.2.5-M5
broadleaf-5.2.6-GA
broadleaf-5.2.7-GA
broadleaf-5.2.8-GA
broadleaf-5.2.8-M1
broadleaf-5.2.9-GA