wpexploit | Bob Matyas | WPEX-ID: 3B9EBA0D-29AA-47E4-B17F-4CF4BBF8B690
History: Apr 05, 2024 - 12:00 a.m.

Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

Tags: fancy product designer, reflected cross site scripting, update deadline

AI Score: 6.3
Confidence: High
EPSS: 0
Percentile: 9.0%

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users.

Note: This requires WooCommerce to be installed.

1. Go to "Fancy Product Designer > Products"
2. Click "New" and save a new product (use any name, for example 'Reflected')
3. Add a product in WooCommerce.
4. Set a price for the product
5. In the side panel under "Fancy Product Designer", assign a product (ex: 'Reflected' from above).
6. Save the product.
7. Access the product at https://wps-test.ddev.site/?product=__INSERT_PRODUCT_PAGE_&cart_item_key=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
8. See the XSS
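The fix for this bug class is to sanitise the reflected parameter on input and escape it for its exact output context. The following is an added illustration, not Fancy Product Designer's own code; it assumes the `cart_item_key` value from the PoC URL is reflected into an HTML attribute, and the function names are hypothetical.

```php
<?php
// Added illustration, not Fancy Product Designer's own code. Function names
// are hypothetical; the output context (an HTML attribute) is an assumption.

// Vulnerable pattern: the raw cart_item_key query parameter is echoed straight
// into markup. A value such as "><script>...</script> closes the attribute and
// the tag, so the browser executes whatever follows.
function fpd_demo_vulnerable_output() {
    $key = isset( $_GET['cart_item_key'] ) ? $_GET['cart_item_key'] : '';
    echo '<input type="hidden" name="cart_item_key" value="' . $key . '">';
}

// Hardened pattern: sanitise on input and escape for the output context.
// esc_attr() converts " < > & ' to entities, so the value cannot break out of
// the attribute. Use esc_html(), esc_js() or esc_url() instead when the value
// lands in text, inline script or URL context respectively.
function fpd_demo_safe_output() {
    $key = '';
    if ( isset( $_GET['cart_item_key'] ) ) {
        $key = sanitize_text_field( wp_unslash( $_GET['cart_item_key'] ) );
    }
    echo '<input type="hidden" name="cart_item_key" value="' . esc_attr( $key ) . '">';
}

// Optional tightening: WooCommerce generates cart item keys as md5 hashes, so
// a value that is not exactly 32 hex characters can be rejected before use.
function fpd_demo_valid_cart_item_key( $key ) {
    return (bool) preg_match( '/^[a-f0-9]{32}$/', (string) $key );
}
```

Validating the key's shape is defence in depth only; output escaping with `esc_attr()` is the control that actually closes the reflected XSS.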

