← voltar
CVE-2022-50941

BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
MrPlugins · BootCommerce

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://codecanyon.net/item/bootcommerce-ecommerce-twitter-bootstrap-based/5702921https://www.vulncheck.com/advisories/bootcommerce-persistent-cross-site-scripting-via-order-checkouthttps://www.vulnerability-lab.com/get_content.php?id=2279