Description
A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0 via the “Manage Images” tab, which allows an attacker to upload a SVG file containing malicious JavaScript code.
Remediation
References
https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23059
Related Vulnerabilities
CVE-2022-39396 Vulnerability in npm package parse-server
CVE-2020-26870 Vulnerability in npm package dompurify
CVE-2021-21290 Vulnerability in maven package io.netty:netty-codec-http
CVE-2020-15170 Vulnerability in maven package com.ctrip.framework.apollo:apollo-adminservice
CVE-2022-2596 Vulnerability in maven package org.webjars.npm:node-fetch