CNNVD-202507-1824 Information

CNNVD ID

CNNVD-202507-1824

Related CVE

CVE-2025-7567

• CNNVD Published: 2025-07-14

Description (Chinese)

ShopXO是ShopXO公司的一套开源的企业级开源电子商务系统。 ShopXO 6.5.0及之前版本存在代码注入漏洞，该漏洞源于文件header.html中参数lang/system_type操作不当，可能导致跨站脚本攻击。

Description (English)

ShopXO is an open-source enterprise open-source e-commerce system for ShopXO. ShotXO 6.5.0 and previous versions had a code-injecting loophole, which stemmed from the inappropriate operation of the parameter lang/system type in documenthead.html, which could lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

ShopXO

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/gongfuxiang/shopxo/issues/89 https://vuldb.com/?ctiid.316265 https://vuldb.com/?id.316265 https://vuldb.com/?submit.607165 https://vuldb.com/?submit.607201

Patch

https://shopxo.net/download.html