A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.
History

Mon, 08 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Description A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-09-08T15:44:55.631Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-55998

cve-icon Vulnrichment

Updated: 2025-09-08T15:43:59.832Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-08T15:15:36.520

Modified: 2025-09-08T16:25:38.810

Link: CVE-2025-55998

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.