1 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. El plugin WooCommerce Quick Reports en versiones 1.0.6 y anteriores de MULTIDOTS para WordPress es vulnerable a Cross-Site Scripting (XSS) persistente. Permite que un atacante inyecte código JavaScript en la página de administrador WooCommerce -> Orders. • http://labs.threatpress.com/stored-cross-site-scripting-xss-in-woocommerce-quick-reports-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •