com.shopizer:shopizer@2.16.0 vulnerabilities

  • latest version

    2.16.0

  • first published

    3 years ago

  • latest version published

    3 years ago

  • Direct Vulnerabilities

    Known vulnerabilities in the com.shopizer:shopizer package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • Severity: Medium
    Authorization Bypass Through User-Controlled Key

    com.shopizer:shopizer is an open source e-commerce software.

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key. The store-administration user-deletion function acts on a user-supplied account identifier without checking whether the caller is allowed to operate on that particular account (an Insecure Direct Object Reference), so a regular admin can permanently delete a superadmin account.

    How to fix Authorization Bypass Through User-Controlled Key?

    There is no fixed version for com.shopizer:shopizer.

    Vulnerable versions: [0,) (all published versions)
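The following is an added illustration of the bug class described above, not code from Shopizer: an administrative "delete user" operation that trusts a user-controlled target id (only checking that the caller is some kind of administrator), next to one that adds the object-level check. The role names, the rank table, the `AuthorizationError` type and the sample users are assumptions made for the example.

```python
# Added illustration, not Shopizer's code: an administrative "delete user"
# operation that trusts a user-controlled target id (the IDOR described on
# this page) next to one that enforces an object-level authorization check.
# Role names, the rank table and the sample users are assumptions.
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    name: str
    role: str  # one of ROLE_RANK's keys


# Hypothetical role hierarchy: a caller may only act on accounts it outranks.
ROLE_RANK = {"customer": 0, "admin": 1, "superadmin": 2}
ADMIN_ROLES = {"admin", "superadmin"}


class AuthorizationError(Exception):
    pass


def make_store():
    """Constructed sample data standing in for the user table."""
    users = [
        User(1, "root", "superadmin"),
        User(2, "alice", "admin"),
        User(3, "bob", "customer"),
    ]
    return {u.user_id: u for u in users}


def delete_user_vulnerable(store, actor, target_id):
    # Function-level check only: any administrator may reach this code.
    if actor.role not in ADMIN_ROLES:
        raise AuthorizationError("not an administrator")
    # target_id comes straight from the request; nothing asks whether this
    # actor may delete *that* account, so a regular admin can remove the
    # superadmin.
    if target_id not in store:
        return False
    del store[target_id]
    return True


def delete_user_fixed(store, actor, target_id):
    if actor.role not in ADMIN_ROLES:
        raise AuthorizationError("not an administrator")
    target = store.get(target_id)
    if target is None:
        return False
    # Object-level check: refuse self-deletion through this path and require
    # the caller to strictly outrank the account being deleted. Enforcing this
    # server-side on every request is what closes the IDOR; hiding the
    # delete button in the UI does not.
    if target.user_id == actor.user_id:
        raise AuthorizationError("cannot delete own account")
    if ROLE_RANK[actor.role] <= ROLE_RANK[target.role]:
        raise AuthorizationError(f"{actor.role} may not delete a {target.role}")
    del store[target_id]
    return True


def attempt(delete_fn, store, actor_id, target_id):
    """Run one deletion and report 'deleted', 'missing' or 'denied'."""
    try:
        return "deleted" if delete_fn(store, store[actor_id], target_id) else "missing"
    except AuthorizationError:
        return "denied"


if __name__ == "__main__":
    s = make_store()
    print("vulnerable, admin deletes superadmin:", attempt(delete_user_vulnerable, s, 2, 1))
    s = make_store()
    print("fixed, admin deletes superadmin:", attempt(delete_user_fixed, s, 2, 1))
    print("fixed, admin deletes customer:", attempt(delete_user_fixed, s, 2, 3))
    print("fixed, superadmin deletes admin:", attempt(delete_user_fixed, s, 1, 2))
```

The point of the second version is that authorization is decided per object, from the server's own record of the target's role, rather than from the fact that the request arrived from an administrator's session. When auditing an application for this class of bug, look for every handler that takes an id from the request and performs a privileged action, and ask what, if anything, ties the caller to that id.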
    • Severity: Medium
    Cross-site Scripting (XSS)

    com.shopizer:shopizer is an open source e-commerce software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The ref parameter of any product page is reflected into the response without output encoding, so a remote attacker who gets a victim to open a crafted URL of the form product/insert-product-name-here.html/ref= can inject arbitrary web script or HTML into the page (reflected XSS).

    How to fix Cross-site Scripting (XSS)?

    A fix was pushed to the master branch but has not been published in any release, so every published version, 2.16.0 included, remains affected.

    Vulnerable versions: [0,) (all published versions)
    • Severity: Medium
    Cross-site Scripting (XSS)

    com.shopizer:shopizer is an open source e-commerce software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The customer_name value accepted by various store-administration forms is saved to the database as submitted and later rendered without encoding when the record is fetched from the backend, so the injected script runs in the browser of every store-administration user who views that data (stored XSS).

    How to fix Cross-site Scripting (XSS)?

    A fix was pushed into the master branch but not yet published.

    Vulnerable versions: [0,) (all published versions)
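The following is an added illustration covering both XSS entries on this page (the reflected ref parameter on a product page and the stored customer_name shown in store administration); it is not code from Shopizer. Each sink is shown rendered verbatim, as the affected versions do, and then HTML-encoded at output time. The page layout, the in-memory stand-in for the customer table, the sample payload and the modelling of ref as a query-string parameter are assumptions made for the example.

```python
# Added illustration, not Shopizer's code: the two XSS sinks from this page
# (reflected "ref" on a product page, stored customer_name in store admin),
# each rendered unescaped and then HTML-encoded at the point of output.
# Page markup, the in-memory "database" and the sample values are assumptions.
import html
from urllib.parse import parse_qs, urlencode

# Constructed sample payload and data.
PAYLOAD = "<script>alert(document.cookie)</script>"
ATTACK_QUERY = urlencode({"ref": PAYLOAD})  # what an attacker's link carries
CUSTOMERS = {}  # stands in for the customer table


def ref_from_query(query_string):
    """Pull the ref parameter out of a product URL's query string."""
    return parse_qs(query_string, keep_blank_values=True).get("ref", [""])[0]


def product_page_vulnerable(product_name, ref):
    # Reflected: the attacker-controlled ref lands in the HTML verbatim.
    return f"<h1>{product_name}</h1><p>Referred by {ref}</p>"


def product_page_fixed(product_name, ref):
    # Encode for the HTML text context at the moment the value is emitted.
    return (
        f"<h1>{html.escape(product_name)}</h1>"
        f"<p>Referred by {html.escape(ref)}</p>"
    )


def save_customer(customer_id, customer_name):
    # Store the raw value. Encoding belongs at output, per context: "cleaning"
    # on input leaves other sinks (CSV export, JSON API) unprotected and
    # mangles legitimate names such as O'Brien.
    CUSTOMERS[customer_id] = customer_name


def admin_customer_list_vulnerable():
    # Stored: whatever was saved runs for every admin who opens the list.
    rows = "".join(f"<li>{cid}: {name}</li>" for cid, name in CUSTOMERS.items())
    return f"<ul>{rows}</ul>"


def admin_customer_list_fixed():
    rows = "".join(
        f"<li>{cid}: {html.escape(name)}</li>" for cid, name in CUSTOMERS.items()
    )
    return f"<ul>{rows}</ul>"


def has_live_script(rendered):
    """Crude check used only to show the difference: an unencoded tag present?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    ref = ref_from_query(ATTACK_QUERY)
    print("reflected, vulnerable:", product_page_vulnerable("Red Shoes", ref))
    print("reflected, fixed:     ", product_page_fixed("Red Shoes", ref))
    save_customer(7, PAYLOAD)
    save_customer(8, "O'Brien")
    print("stored, vulnerable:", admin_customer_list_vulnerable())
    print("stored, fixed:     ", admin_customer_list_fixed())
```

`html.escape` is the right encoder only for HTML text and quoted attribute values; a value written into a JavaScript string, a URL, or a CSS property needs the encoder for that context, which is why a template engine that auto-escapes per context is the usual fix in a Spring application rather than hand-placed escape calls. The stored case also shows why the two bugs are reported separately: fixing the product page does nothing for administrators viewing customer records, and vice versa.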