2 matches found
WordPress eCommerce Product Catalog Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS)
Software eCommerce Product Catalog Type Plugin Vulnerable versions = 3.3.8 Fixed in 3.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1470 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b594574ee607 Credits Marco Wotschka...
CVE-2023-1470 eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...