CVE-2021-33562

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33562
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33562.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-33562
Aliases
Published
2021-05-24T23:15:08Z
Modified
2025-09-19T13:01:08.412781Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

References

Affected packages

Git / github.com/shopizer-ecommerce/shopizer

Affected ranges

Type
GIT
Repo
https://github.com/shopizer-ecommerce/shopizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.13.0
2.14.1
2.15.0
2.16.0

v2.*

v2.13.0
v2.14.0
v2.14.1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "CVE-2021-33562-03ca91ae",
            "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "267681314943511409058316542741060568667",
                "length": 100.0
            },
            "id": "CVE-2021-33562-5c225609",
            "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java",
                "function": "doFilter"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "CVE-2021-33562-5ca33c9d",
            "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "283977033798844079314824230304570134056",
                "length": 2894.0
            },
            "id": "CVE-2021-33562-9e387bfc",
            "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java",
                "function": "displayCategory"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "100135505418269743310911761774611605371",
                    "95537784149499941560177652333015681411",
                    "323038267425287307455920545867239791947"
                ]
            },
            "id": "CVE-2021-33562-aae229a4",
            "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "sm-shop/src/main/java/com/salesmanager/shop/application/config/ShopApplicationConfiguration.java"
            },
            "deprecated": false
        }
    ]
}