Security Advisory

CVE-2021-33561

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-05-24 22:33:22

Last updated 2024-08-03 23:50:43

Assigner mitre

State PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when information is fetched from the backend, e.g., in admin/customers/list.html.

← Browse all CVEs View on cve.org ↗