Cross site scripting

2014-10-1414:55:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

CPENameOperatorVersion
woocommerce_plugineq2.2.1
woocommerce_plugineq2.1.9
woocommerce_plugineq2.1.10
woocommerce_plugineq2.1.0
woocommerce_plugineq2.1.11
woocommerce_plugineq2.1.8
woocommerce_plugineq2.1.5
woocommerce_plugineq2.1.3
woocommerce_plugineq2.1.6
woocommerce_plugineq2.1.2

Name	Operator	Version
woocommerce_plugin	eq	2.2.1
woocommerce_plugin	eq	2.1.9
woocommerce_plugin	eq	2.1.10
woocommerce_plugin	eq	2.1.0
woocommerce_plugin	eq	2.1.11
woocommerce_plugin	eq	2.1.8
woocommerce_plugin	eq	2.1.5
woocommerce_plugin	eq	2.1.3
woocommerce_plugin	eq	2.1.6
woocommerce_plugin	eq	2.1.2