CVE-2023-47755

Опубликовано: 22 нояб. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 6.1

EPSS Низкий

Описание

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.

Ссылки

https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve
Third Party Advisory
https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aazztech:woocommerce_product_carousel_slider:*:*:*:*:*:wordpress:*:*

Версия до 3.3.5 (включая)

EPSS

Процентиль: 24%

0.00081

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-39c7-q63f-4f47

CVSS3: 6.5

github

около 2 лет назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.

EPSS

Процентиль: 24%

0.00081

Низкий

6.5 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79