4.3
CVE-2015-2973
- EPSS 0.44%
- Published 24.07.2015 16:59:02
- Last modified 12.04.2025 10:46:40
- Source vultures@jpcert.or.jp
Welcart e-Commerce < 1.4.18 - Multiple Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.
Possible mitigation
Welcart e-Commerce: Update to version 1.4.18, or a newer patched version
Further vulnerability information
System: WordPress Plugin ≫ Product: Welcart e-Commerce, Version: [*, 1.4.18)
Data provided by the National Vulnerability Database (NVD)
Welcart ≫ Welcart E-commerce, SwPlatform: wordpress, Version <= 1.4.17
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.62 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.