exploitDog

CVE-2023-0948

Опубликовано: 08 мая 2023

Источник: nvd

CVSS3: 6.1

EPSS Средний

Описание

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

Ссылки

https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:artisanworkshop:japanized_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 2.5.8 (исключая)

EPSS

Процентиль: 95%

0.18235

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-jf29-vf7j-2f4w

CVSS3: 6.1

github

больше 2 лет назад

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

EPSS

Процентиль: 95%

0.18235

Средний

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79