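A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter passed to the page of an arbitrary product, e.g., a URL of the form product/insert-product-name-here.html/ref=. The signature data below references upstream commit 197f8c78c8f673b957e41ca2c823afc654c19271 and targets XssFilter.java (doFilter), ShoppingCategoryController.java (displayCategory) and ShopApplicationConfiguration.java.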
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "22285619678933967751165268830234213452", "106628044783959303085066853221350109172", "70857240634589952013287244881973002746", "291773468555724263604618954544447906577", "194760786931620374632553607361319230721", "60702978520127307290190241330340296343", "312137715999592589032113097114542125398", "23299825708746098681211493114765973043", "281665582636863512071703663116889915784", "287175368020533677612546539070733848828", "86273851203980282484097189410504962360" ] }, "id": "CVE-2021-33562-03ca91ae", "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271", "signature_type": "Line", "signature_version": "v1", "target": { "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java" }, "deprecated": false }, { "digest": { "function_hash": "267681314943511409058316542741060568667", "length": 100.0 }, "id": "CVE-2021-33562-5c225609", "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271", "signature_type": "Function", "signature_version": "v1", "target": { "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java", "function": "doFilter" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "135390940942894668177515639482093117321", "176856125437285893281023856277049689814", "8753404996372903394498759202718209671", "68560027063347199793409355825377622429", "107807252746075540705184971356016445939", "121751782599999907191098765684492074711", "269483439507296050067923581292082615895", "47046884113053335480036781416160011277", "190833818704774025957310429079950546796" ] }, "id": "CVE-2021-33562-5ca33c9d", "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271", "signature_type": "Line", "signature_version": "v1", "target": { "file": 
"sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java" }, "deprecated": false }, { "digest": { "function_hash": "283977033798844079314824230304570134056", "length": 2894.0 }, "id": "CVE-2021-33562-9e387bfc", "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271", "signature_type": "Function", "signature_version": "v1", "target": { "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java", "function": "displayCategory" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "100135505418269743310911761774611605371", "95537784149499941560177652333015681411", "323038267425287307455920545867239791947" ] }, "id": "CVE-2021-33562-aae229a4", "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271", "signature_type": "Line", "signature_version": "v1", "target": { "file": "sm-shop/src/main/java/com/salesmanager/shop/application/config/ShopApplicationConfiguration.java" }, "deprecated": false } ] }