exploitDog

CVE-2022-4227

Опубликовано: 26 дек. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Ссылки

https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890
Third Party Advisory
https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:booster:booster_elite_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 6.0.0 (исключая)

cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 5.6.3 (исключая)

cpe:2.3:a:booster:booster_plus_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 6.0.0 (исключая)

EPSS

Процентиль: 52%

0.00287

Низкий

6.1 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-366w-rp6m-qm5x

CVSS3: 6.1

github

около 3 лет назад

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 52%

0.00287

Низкий

6.1 Medium

CVSS3

Дефекты