Описание
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.2 (включая)
Одно из
cpe:2.3:a:woothemes:woocommerce_plugin:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.11:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.1.12:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:woothemes:woocommerce_plugin:2.2.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 50%
0.0027
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.
EPSS
Процентиль: 50%
0.0027
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79