wpexploit / dc11 / WPEX-ID: E93841EF-E113-41D3-9FA1-B21AF85BD812
History: Nov 06, 2023 - 12:00 a.m.

Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS

Published: 2023-11-06 00:00:00
Author: dc11
Tags: woocommerce, vietnam, checkout, xss, unauthenticated, stored, vulnerability, admin alert

EPSS: 0.0005 (Low), Percentile: 17.0%

Description: The plugin does not escape the custom shipping phone field on the checkout form, leading to stored XSS.

1) Install both WooCommerce and the plugin.
2) Set a WooCommerce shipping method, and set the store's address to one that is in Vietnam.
3) Add a product to the cart and proceed to checkout.
4) Tick "Ship to a different address?"
5) Fill the telephone field with:

" onmouseover="alert(1);//


An alert box should pop up when an administrator hovers over the order's associated recipient phone number on http://vulnerable-site.tld/wp-admin/post.php?post=$ORDER_ID&action=edit
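The root cause named in the description is missing output escaping: a value the customer typed at checkout is written into an HTML attribute on the admin order screen unchanged. The following is an added example, not code from the Woocommerce Vietnam Checkout plugin, showing that defect in generic form next to the hardened version. Function names, the meta key `_shipping_phone` and the markup are hypothetical; the `esc_attr()` / `sanitize_text_field()` definitions are approximate stand-ins so the file runs outside WordPress, where the real functions are used instead.

```php
<?php
// Added example, not the plugin's own code. Function names, meta key and
// markup are hypothetical.

// Stand-ins so the file runs outside WordPress. Inside WordPress these
// branches are skipped and the real esc_attr() / sanitize_text_field() apply.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        // Encode & < > " ' so the value cannot terminate the attribute.
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $text ) {
        // Drop tags and control characters, then trim surrounding whitespace.
        $text = strip_tags( (string) $text );
        $text = preg_replace( '/[\x00-\x1F\x7F]/', '', $text );
        return trim( $text );
    }
}

// Vulnerable pattern: the stored phone value is concatenated straight into a
// double-quoted attribute. A quote inside the value closes the attribute and
// whatever follows is parsed as further attributes of the <input>.
function render_phone_field_unsafe( $phone ) {
    return '<input type="text" name="_shipping_phone" value="' . $phone . '">';
}

// Hardened output: esc_attr() turns " into &quot; (and & < > ' likewise),
// so the browser keeps the entire value inside the attribute.
function render_phone_field_safe( $phone ) {
    return '<input type="text" name="_shipping_phone" value="' . esc_attr( $phone ) . '">';
}

// Hardened input (defence in depth, not a replacement for output escaping):
// keep only characters a phone number can contain before the value is stored.
function sanitize_phone_for_storage( $raw ) {
    $clean = sanitize_text_field( $raw );
    return trim( preg_replace( '/[^0-9+\-() .]/', '', $clean ) );
}

// Demonstration with the test string quoted in the advisory above.
$payload = '" onmouseover="alert(1);//';
echo "unsafe:    " . render_phone_field_unsafe( $payload ) . "\n";
echo "safe:      " . render_phone_field_safe( $payload ) . "\n";
echo "sanitized: " . sanitize_phone_for_storage( $payload ) . "\n";
```

Run with `php example.php`: the unsafe line shows the attribute being closed early, the safe line shows every quote encoded as `&quot;`, and the sanitized line shows the value reduced to phone-number characters. Escaping at the point of output is the fix that matters; input sanitization only narrows what reaches storage and does not protect other code paths that might echo the same meta value.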

You can find a video here:

https://drive.proton.me/urls/JRWA6XHCR8#6MS36X7Ag78i

