Lucene search
K

6 matches found

Circl
Circl
added 2023/02/06 10:23 p.m.9 views

CVE-2023-0062

creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:23+00:00| seen| https://t.me/cibsecurity/57573...

5.4CVSS5.5AI score0.00573EPSS
Exploits2References1
OSV
OSV
added 2023/02/06 8:15 p.m.6 views

CVE-2023-0062

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00573EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.24 views

CVE-2023-0062 EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.6AI score0.00573EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.8 views

CVE-2023-0062 EAN for WooCommerce < 4.4.3 - Contributor+ Stored XSS

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.1AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.66 views

CVE-2023-0062

CVE-2023-0062 affects the WordPress plugin “EAN for WooCommerce” prior to version 4.4.3. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before echoing them on pages/posts containing the shortcode, enabling stored XSS for users with the Contri...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/01/11 12:0 a.m.12 views

WordPress EAN for WooCommerce Plugin < 4.4.3 is vulnerable to Cross Site Scripting (XSS)

Software EAN for WooCommerce Type Plugin Vulnerable versions 4.4.3 Fixed in 4.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0062 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID efcc1edc10be Credits Lana Codes...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder