{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T04:15:03.343","vulnerabilities":[{"cve":{"id":"CVE-2022-23060","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-05-01T13:15:07.677","lastModified":"2024-11-21T06:47:54.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab"},{"lang":"es","value":"Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) almacenada en Shopizer versiones 2.0 hasta 2.17.0, donde un usuario privilegiado (atacante) puede inyectar JavaScript malicioso en el nombre del archivo en la pestaña \"Manage files\""}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shopizer:shopizer:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0","versionEndIncluding":"2.17.0","matchCriteriaId":"F417CD4B-673A-49C5-AB02-4758F24225D1"}]}]}],"references":[{"url":"https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23060","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/shopizer-ecommerce/shopizer/commit/6b9f1ecd303b3b724d96bd08095c1a751dcc287e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23060","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}