CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4549 – WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter. Múltiples vulnerabilidades de XSS en pages/3DComplete.php en el plugin WooCommerce SagePay Direct Payment Gateway anterior a 0.1.6.7 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) MD o (2) PARes. • http://codevigilant.com/disclosure/wp-plugin-sagepay-direct-for-woocommerce-payment-gateway-a3-cross-site-scripting-xss http://wordpress.org/plugins/sagepay-direct-for-woocommerce-payment-gateway/changelog http://www.securityfocus.com/bid/65355 https://github.com/wp-plugins/sagepay-direct-for-woocommerce-payment-gateway/commit/9c6cf939c6c25377c285439b92ef2bb5ebda9db6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •