Home

Description

A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter

PUBLISHED Reserved 2025-08-16 | Published 2025-09-08 | Updated 2025-09-29 | Assigner mitre

References

www.mezereon.com/shopify/

github.com/Ocmenog/CVE-2025-55998

cve.org (CVE-2025-55998)

nvd.nist.gov (CVE-2025-55998)

Download JSON