exploitDog

GHSA-366w-rp6m-qm5x

Опубликовано: 26 дек. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Ссылки

EPSS

Процентиль: 42%

0.00199

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-4227

CVSS3: 6.1

nvd

около 3 лет назад

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 42%

0.00199

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79