Vulnerability Details CVE-2020-11006
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 3.5
References
- https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a
- https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-8pc4-gvfw-634p
- https://github.com/shopizer-ecommerce/shopizer/commit/929ca0839a80c6f4dad087e0259089908787ad2a
- https://github.com/shopizer-ecommerce/shopizer/security/advisories/GHSA-8pc4-gvfw-634p
Products affected by CVE-2020-11006
-
cpe:2.3:a:shopizer:shopizer:1.1.5
-
cpe:2.3:a:shopizer:shopizer:2.0
-
cpe:2.3:a:shopizer:shopizer:2.0.1
-
cpe:2.3:a:shopizer:shopizer:2.0.2
-
cpe:2.3:a:shopizer:shopizer:2.0.2.1
-
cpe:2.3:a:shopizer:shopizer:2.0.3
-
cpe:2.3:a:shopizer:shopizer:2.0.4
-
cpe:2.3:a:shopizer:shopizer:2.0.5
-
cpe:2.3:a:shopizer:shopizer:2.0.6
-
cpe:2.3:a:shopizer:shopizer:2.10.0
-
cpe:2.3:a:shopizer:shopizer:2.2.0
-
cpe:2.3:a:shopizer:shopizer:2.3.0
-
cpe:2.3:a:shopizer:shopizer:2.4.0
-
cpe:2.3:a:shopizer:shopizer:2.5.0
-
cpe:2.3:a:shopizer:shopizer:2.6.0
-
cpe:2.3:a:shopizer:shopizer:2.7.0
-
cpe:2.3:a:shopizer:shopizer:2.8.0
-
cpe:2.3:a:shopizer:shopizer:2.9.0