CVE-2025-55998 · HIGH 8.1 · EPSS p24.3%

Description

A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.33% probability of exploitation · percentile 24.3% · 2026-06-19T12:03:05Z
Published: 2025-09-08
Last modified: 2025-09-29

Underlying weaknesses · 1

CWE-79

References

  1. https://github.com/Ocmenog/CVE-2025-55998
  2. https://www.mezereon.com/shopify/#intro

Type: Weakness
Target: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-49557
  2. CVE-2025-54264
  3. CVE-2025-9697
  4. CVE-2025-0879
  5. CVE-2025-47110
  6. CVE-2025-60991

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.