2 matches found
CVE-2019-9168
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption...
CVE-2019-9168
CVE-2019-9168 affects the WordPress WooCommerce plugin prior to version 3.5.5. The vulnerability is a cross-site scripting (XSS) flaw in the Photoswipe caption handling, where user-supplied data in the caption can be interpreted as script. The root cause is insufficient sanitization of the captio...