CVE-2026-36766 in shopizer信息

摘要

由 MITRE • 2026-04-30

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream() or getReader() functions.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

负责

MITRE

预定

2026-04-06

披露

2026-04-30

管理

已接受

条目

VDB-360355

CPE

准备好

CWE

CWE-79 (已确认)

CVSS

3.5 (VulDB)

EPSS

0.00034

KEV

否

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-36766
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-36766
CVE Details	https://www.cvedetails.com/cve/CVE-2026-36766/

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!