ShopXO SSRF/XSS Vulnerability in Multiple Locations

Vulnerability

A vulnerability allowing server-side request forgery (SSRF) and cross-site scripting (XSS) has been identified in ShopXO version 6.4.0. This vulnerability exists in several locations within the application.

Impact

Exploitation of this vulnerability could lead to server-side request forgery, allowing attackers to make requests from the server to internal resources, and cross-site scripting, enabling the injection of malicious scripts that could be executed in the context of the user's browser.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

7.9

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ShopXO SSRF/XSS Vulnerability in Multiple Locations

Vulnerability

Impact

Affected Products

shopxo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating