📦 Shopizer

Shopizer 3.2.7 has a CORS misconfiguration that reflects client-supplied Origin headers without validation while allowing credentials. This allows malicious websites to make authenticated cross-origin...

This vulnerability allows users who were already logged into Shopizer to maintain access even after their password has been changed, either by themselves or an administrator. This affects Shopizer e-c...