CVE-2021-33562

Source
https://cve.org/CVERecord?id=CVE-2021-33562
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33562.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-33562
Aliases
Published
2021-05-24T23:15:08.787Z
Modified
2025-11-14T11:57:57.950914Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL.

References

Affected packages

Git / github.com/shopizer-ecommerce/shopizer

Affected ranges

Type
GIT
Repo
https://github.com/shopizer-ecommerce/shopizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.13.0
2.14.1
2.15.0
2.16.0
v2.*
v2.13.0
v2.14.0
v2.14.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33562.json"
vanir_signatures
[
    {
        "signature_type": "Line",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2021-33562-03ca91ae",
        "signature_version": "v1",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java",
            "function": "doFilter"
        },
        "deprecated": false,
        "digest": {
            "length": 100.0,
            "function_hash": "267681314943511409058316542741060568667"
        },
        "id": "CVE-2021-33562-5c225609",
        "signature_version": "v1",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/filter/XssFilter.java"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2021-33562-5ca33c9d",
        "signature_version": "v1",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/store/controller/category/ShoppingCategoryController.java",
            "function": "displayCategory"
        },
        "deprecated": false,
        "digest": {
            "length": 2894.0,
            "function_hash": "283977033798844079314824230304570134056"
        },
        "id": "CVE-2021-33562-9e387bfc",
        "signature_version": "v1",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "sm-shop/src/main/java/com/salesmanager/shop/application/config/ShopApplicationConfiguration.java"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "100135505418269743310911761774611605371",
                "95537784149499941560177652333015681411",
                "323038267425287307455920545867239791947"
            ]
        },
        "id": "CVE-2021-33562-aae229a4",
        "signature_version": "v1",
        "source": "https://github.com/shopizer-ecommerce/shopizer/commit/197f8c78c8f673b957e41ca2c823afc654c19271"
    }
]