{"id":"CVE-2023-33725","details":"Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.","aliases":["GHSA-3862-fmr3-4f3h"],"modified":"2026-04-10T04:58:15.251075Z","published":"2023-06-21T16:15:11.413Z","references":[{"type":"EVIDENCE","url":"https://github.com/Contrast-Security-OSS/Burptrast/tree/main/docs/CVE-2023-33725"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/broadleafcommerce/broadleafcommerce","events":[{"introduced":"cd57340235e96acf01f72bc91f564309343c5a39"},{"last_affected":"56c2347212142194415cd0d400c59c1424fa9d2b"}],"database_specific":{"versions":[{"introduced":"5.0"},{"last_affected":"5.2.25-ga"}]}}],"versions":["broadleaf-5.0.0-GA","broadleaf-5.0.1-GA","broadleaf-5.0.2-GA","broadleaf-5.2.0-GA","broadleaf-5.2.0-M1","broadleaf-5.2.0-M2","broadleaf-5.2.0-RC1","broadleaf-5.2.0-RC2","broadleaf-5.2.1-GA","broadleaf-5.2.10-GA","broadleaf-5.2.11-GA","broadleaf-5.2.12-GA","broadleaf-5.2.13-GA","broadleaf-5.2.14-GA","broadleaf-5.2.15-GA","broadleaf-5.2.15-M1","broadleaf-5.2.16-GA","broadleaf-5.2.17-GA","broadleaf-5.2.18-GA","broadleaf-5.2.19-GA","broadleaf-5.2.19-M1","broadleaf-5.2.2-GA","broadleaf-5.2.20-GA","broadleaf-5.2.21-GA","broadleaf-5.2.21-M1","broadleaf-5.2.21-M2","broadleaf-5.2.22-GA","broadleaf-5.2.23-GA","broadleaf-5.2.24-GA","broadleaf-5.2.25-GA","broadleaf-5.2.3-GA","broadleaf-5.2.3-M1","broadleaf-5.2.3-M2","broadleaf-5.2.3-M3","broadleaf-5.2.3-M5","broadleaf-5.2.3-M6","broadleaf-5.2.3-M7","broadleaf-5.2.4-GA","broadleaf-5.2.4-M1","broadleaf-5.2.4-M3","broadleaf-5.2.5-GA","broadleaf-5.2.5-M1","broadleaf-5.2.5-M2","broadleaf-5.2.5-M3","broadleaf-5.2.5-M4","broadleaf-5.2.5-M5","broadleaf-5.2.6-GA","broadleaf-5.2.7-GA","broadleaf-5.2.8-GA","broadleaf-5.2.8-M1","broadleaf-5.2.9-GA"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.0"},{"fixed":"6.2.6.1-ga"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33725.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}