CVE-2015-2973 — Cross-site Scripting in E-commerce

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Welcart E-commerce

Timeline

PublishedJul 24

Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to a…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDwelcart/welcart_e-commerce1.4.17

Patches

Patch: www.welcart.com ↗Patch: www.welcart.com ↗

🔴Vulnerability Details

GHSA

GHSA-6hc9-c5vg-gpqq: Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1↗2022-05-13

▶

CVEList

CVE-2015-2973: Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1↗2015-07-24

▶