Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2025-27145 | A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter |
Mon, 29 Sep 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter. | A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter |
Fri, 12 Sep 2025 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mezereon
Mezereon smart Search And Filter |
|
| CPEs | cpe:2.3:a:mezereon:smart_search_and_filter:1.0:*:*:*:*:*:*:* | |
| Vendors & Products |
Mezereon
Mezereon smart Search And Filter |
Mon, 08 Sep 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Mon, 08 Sep 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-29T17:22:16.405Z
Reserved: 2025-08-16T00:00:00.000Z
Link: CVE-2025-55998
Updated: 2025-09-08T15:43:59.832Z
Status : Modified
Published: 2025-09-08T15:15:36.520
Modified: 2026-06-17T09:42:16.600
Link: CVE-2025-55998
No data.
OpenCVE Enrichment
No data.
EUVD