CVE-2021-25077

Sažetak

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting

Reference

https://wpscan.com/vulnerability/53868650-aba0-4d07-89d2-a998bb0ee5f6
https://plugins.trac.wordpress.org/changeset/2654503

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-02-2022 - 13:57

Objavljeno

07-02-2022 - 16:15