Lucene search
+L

4 matches found

nvd
nvd
added 2023/08/21 5:15 p.m.21 views

CVE-2023-3954

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00396EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/08/21 12:29 p.m.8 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00396EPSS
Exploits2References1
cvelist
cvelist
added 2023/08/21 12:29 p.m.28 views

CVE-2023-3954 MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00396EPSS
Exploits2References1
cve
cve
added 2023/08/21 12:29 p.m.50 views

CVE-2023-3954

CVE-2023-3954 affects the MultiParcels Shipping For WooCommerce WordPress plugin prior to version 1.15.4. A Reflected XSS exists where an unsanitized parameter is output back to the page, enabling attack against admin/high-privilege users. A PoC is referenced in the connected exploit entry, illus...

6.1CVSS6.1AI score0.00396EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder