NotCVE - vendor:"Multidots" product:"Advance Search For Woocommerce" version:" <= 1.0.9"

1 results (0.018 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-11486 – Advance Search for WooCommerce <= 1.0.9 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-11486

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. Se ha descubierto un problema en el plugin Advance Search for WooCommerce en versiones 1.0.9 y anteriores de MULTIDOTS para WordPress. El plugin es vulnerable a Cross-Site Scripting (XSS) persistente. • http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •