CVE-2021-33561

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33561
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33561.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-33561
Aliases
Published
2021-05-24T23:15:08.750Z
Modified
2025-11-14T11:57:58.218303Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. The injected value is saved in the database, and the code is executed for any user of store administration when the information is fetched from the backend, e.g., in admin/customers/list.html.

References

Affected packages

Git / github.com/shopizer-ecommerce/shopizer

Affected ranges

Type
GIT
Repo
https://github.com/shopizer-ecommerce/shopizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.13.0
2.14.1
2.15.0
2.16.0

v2.*

v2.13.0
v2.14.0
v2.14.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-33561-03ca91ae",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-33561-5c225609",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java",
            "function": "doFilter"
        },
        "digest": {
            "length": 100.0,
            "function_hash": "267681314943511409058316542741060568667"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-33561-5ca33c9d",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java"
        },
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-33561-9e387bfc",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java",
            "function": "displayCategory"
        },
        "digest": {
            "length": 2894.0,
            "function_hash": "283977033798844079314824230304570134056"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-33561-aae229a4",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/application/config/ShopApplicationConfiguration.java"
        },
        "digest": {
            "line_hashes": [
                "100135505418269743310911761774611605371",
                "95537784149499941560177652333015681411",
                "323038267425287307455920545867239791947"
            ],
            "threshold": 0.9
        }
    }
]