cvedb.io
CVE-2021-33561
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2021-05-24T23:15:08.750 · Last modified 2026-06-17T03:54:47.913

Summary

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when information is fetched from the backend, e.g., in admin/customers/list.html.

Affected products

shopizer — shopizer

Does this affect you?

Add your gear to cvedb and we'll alert you only when shopizer ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.