4.3
CVE-2015-2973
- EPSS 2.03%
- Veröffentlicht 24.07.2015 16:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginWelcart e-Commerce < 1.4.18 - Multiple Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
Mögliche Gegenmaßnahme
Welcart e-Commerce: Update to version 1.4.18, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Welcart ≫ Welcart E-commerce SwPlatformwordpress Version <= 1.4.17
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Welcart e-Commerce
Version
[*, 1.4.18)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.03% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://jvn.jp/en/jp/JVN97971874/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000103
http://www.welcart.com/community/archives/74867
https://plugins.trac.wordpress.org/changeset/1199120
https://wpvulndb.com/vulnerabilities/8114
https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2edcdf-3a0c-40bc-8b33-1ad15cad5acb