Cross-Site Scripting Vulnerability in Smart Search & Filter Shopify App by Mezereon
CVE-2025-55998

8.1HIGH

Key Information:

Vendor: Mezereon
Status: Smart Search & Filter Shopify App
Vendor: CVE Published:; 8 September 2025

What is CVE-2025-55998?

The Smart Search & Filter Shopify App version 1.0 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject and execute arbitrary JavaScript in the user’s web browser. This vulnerability is triggered through the manipulation of the color filter parameter, permitting an attacker to deliver a malicious payload. Users of this application should be cautious and apply necessary updates to mitigate the risk of exploitation.

References

https://www.mezereon.com/shopify/#intro

https://github.com/Ocmenog/CVE-2025-55998

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Aug 16, 2025