4 matches found
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting
WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials an...
CVE-2021-24875
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24875 eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24875
The CVE-2021-24875 entry concerns the WordPress plugin “eCommerce Product Catalog” (for WordPress) prior to version 3.0.39. Affected functionality is the ic-settings-search parameter not being escaped when echoed into an HTML attribute, causing a Reflected Cross-Site Scripting (XSS) vulnerability...