CVE-2021-33562
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-33562
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33562.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-33562
- Aliases
- Published
- 2021-05-24T23:15:08Z
- Modified
- 2025-09-19T13:01:08.412781Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.
- References
Affected packages
Git / github.com/shopizer-ecommerce/shopizer
Affected ranges
- Type
- GIT
- Repo
- https://github.com/shopizer-ecommerce/shopizer
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"22285619678933967751165268830234213452",
"106628044783959303085066853221350109172",
"70857240634589952013287244881973002746",
"291773468555724263604618954544447906577",
"194760786931620374632553607361319230721",
"60702978520127307290190241330340296343",
"312137715999592589032113097114542125398",
"23299825708746098681211493114765973043",
"281665582636863512071703663116889915784",
"287175368020533677612546539070733848828",
"86273851203980282484097189410504962360"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2021-33562-03ca91ae",
"target": {
"file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java"
},
"source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
"deprecated": false
},
{
"digest": {
"length": 100.0,
"function_hash": "267681314943511409058316542741060568667"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2021-33562-5c225609",
"target": {
"function": "doFilter",
"file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java"
},
"source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"135390940942894668177515639482093117321",
"176856125437285893281023856277049689814",
"8753404996372903394498759202718209671",
"68560027063347199793409355825377622429",
"107807252746075540705184971356016445939",
"121751782599999907191098765684492074711",
"269483439507296050067923581292082615895",
"47046884113053335480036781416160011277",
"190833818704774025957310429079950546796"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2021-33562-5ca33c9d",
"target": {
"file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java"
},
"source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
"deprecated": false
},
{
"digest": {
"length": 2894.0,
"function_hash": "283977033798844079314824230304570134056"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2021-33562-9e387bfc",
"target": {
"function": "displayCategory",
"file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java"
},
"source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"100135505418269743310911761774611605371",
"95537784149499941560177652333015681411",
"323038267425287307455920545867239791947"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2021-33562-aae229a4",
"target": {
"file": "sm-shop/src/main/java/com/salesmanager/shop/application/config/ShopApplicationConfiguration.java"
},
"source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
"deprecated": false
}
]
}