5 matches found
CVE-2021-24940
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...
CVE-2021-24940
creationtimestamp| type| source ---|---|--- 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24940.yaml...
CVE-2021-24940
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...
CVE-2021-24940
The CVE-2021-24940 issue affects the WordPress Persian Woocommerce plugin until version 5.8.0, where the s parameter is not escaped before being output in an admin-dashboard attribute, enabling reflected Cross-Site Scripting. Exploitation could load arbitrary scripts in users’ browsers and potent...
CVE-2021-24940 Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue...