Vulnerability Description
A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when information is fetched from the backend, e.g., in admin/customers/list.html.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shopizer | Shopizer | < 2.17.0 |
Related Weaknesses (CWE)
References
- https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c8PatchThird Party Advisory
- https://github.com/shopizer-ecommerce/shopizer/compare/2.16.0...2.17.0PatchThird Party Advisory
- https://www.exploit-db.com/exploits/49901ExploitThird Party AdvisoryVDB Entry
- https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c8PatchThird Party Advisory
- https://github.com/shopizer-ecommerce/shopizer/compare/2.16.0...2.17.0PatchThird Party Advisory
- https://www.exploit-db.com/exploits/49901ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2021-33561?
CVE-2021-33561 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. I...
How severe is CVE-2021-33561?
CVE-2021-33561 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33561?
Check the references section above for vendor advisories and patch information. Affected products include: Shopizer Shopizer.