CVE-2022-4227

Sažetak

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Reference

https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890
https://wpscan.com/vulnerability/90d3022c-5d35-4ef2-ab87-6919268db890

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

14-04-2025 - 14:15

Objavljeno

26-12-2022 - 13:15