CNNVD-202508-2736 Information

CNNVD ID

CNNVD-202508-2736

Related CVE

CVE-2025-51605

• CNNVD Published: 2025-08-22

Description (Chinese)

Shopizer是Shopizer团队的一套基于Java的开源电子商务解决方案。 Shopizer 3.2.7版本存在安全漏洞，该漏洞源于CORS实现未验证Origin头，可能导致跨域读取敏感响应。

Description (English)

Shopizer is a package of open-source e-commerce solutions based on Java for the Shopizer team. There is a security loophole in version 3.2.7 of the Shopizer, which stems from the fact that CORS achieves unverified Origin head, which may lead to cross-domain reading of sensitive responses.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Shopizer

Published

2025-08-22

Last Modified

2026-02-24

References

https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250512-02.md https://access.redhat.com/security/cve/cve-2025-51605 https://nvd.nist.gov/vuln/detail/CVE-2025-51605