CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10112 – WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10112
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. Vulnerabilidad de XSS en el plugin WooCommerce en versiones anteriores a 2.6.9 para WordPress permite a administradores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios proporcionando valores de tabla tax-rate manipulados en formato CSV. • http://www.securityfocus.com/bid/95292 https://wordpress.org/plugins/woocommerce/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2329 – WooCommerce <= 2.3.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2329
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el plugin WooCommerce en versiones anteriores a la 2.3.6 para WordPress permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un pedido manipulado. • https://fortiguard.com/zeroday/FG-VD-15-020 https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2015-2069 – WooCommerce <= 2.2.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2069
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php. Vulnerabilidad de XSS en el plugin WooCommerce anterior a 2.2.11 para WordPress permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de QUERY_STRING en la página wc-reports en wp-admin/admin.php. • http://packetstormsecurity.com/files/130458/WordPress-WooCommerce-2.2.10-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Feb/75 http://www.securityfocus.com/bid/74885 https://wordpress.org/plugins/woocommerce/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •