GHSA-378p-hrq3-x4p3

Suggest an improvement
Source
https://github.com/advisories/GHSA-378p-hrq3-x4p3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-378p-hrq3-x4p3/GHSA-378p-hrq3-x4p3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-378p-hrq3-x4p3
Aliases
Published
2021-06-08T23:08:20Z
Modified
2023-11-08T04:06:05.379684Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site scripting in Shopizer
Details

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

Database specific 
{
    "nvd_published_at": "2021-05-24T23:15:00Z",
    "github_reviewed_at": "2021-05-28T18:49:50Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven / com.shopizer:shopizer

Package

Name
com.shopizer:shopizer
View open source insights on deps.dev
Purl
pkg:maven/com.shopizer/shopizer

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.0

Affected versions

2.*

2.16.0