Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Shopizer 安全漏洞
Vulnerability Description
Shopizer是Shopizer团队的一套基于Java的开源电子商务解决方案。 Shopizer 3.2.7版本存在安全漏洞,该漏洞源于CORS实现未验证Origin头,可能导致跨域读取敏感响应。
CVSS Information
N/A
Vulnerability Type
N/A