CVE-2022-2090
Published 2022-07-17
CVE-2022-2090: The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount…
Priority: P4 · 22 · medium · 6.1 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.66% (47.0th percentile)
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flycart | discount_rules_for_woocommerce | < 2.4.2 | 2.4.2 |
| linux | linux_kernel | >= 2.6.32 < 4.9.337 | 4.9.337 |
| linux | linux_kernel | >= 4.10.0 < 4.14.303 | 4.14.303 |
| linux | linux_kernel | >= 4.15.0 < 4.19.270 | 4.19.270 |
| linux | linux_kernel | >= 4.20.0 < 5.4.229 | 5.4.229 |
| linux | linux_kernel | >= 5.11.0 < 5.15.86 | 5.15.86 |
| linux | linux_kernel | >= 5.16.0 < 6.0.16 | 6.0.16 |
| linux | linux_kernel | >= 5.5.0 < 5.10.163 | 5.10.163 |
| linux | linux_kernel | >= 6.1.0 < 6.1.2 | 6.1.2 |
CVSS provenance
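| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.5 | LOW | |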
OSV
s390/lcs: Fix return type of lcs_start_xmit()
osv·2025-12-24
CVE-2022-50728 s390/lcs: Fix return type of lcs_start_xmit()
In the Linux kernel, the following vulnerability has been resolved:
s390/lcs: Fix return type of lcs_start_xmit()
With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),
indirect call targets are validated against the expected function
pointer prototype to make sure the call target is valid to help mitigate
ROP attacks. If they are not identical, there is a failure at run time,
which manifests as either a kernel panic or thread getting killed. A
proposed warning in clang aims to catch these at compile time, which
reveals:
drivers/s390/net/lcs.c:2090:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)'
GHSA
GHSA-mc26-m43p-75hh: The Discount Rules for WooCommerce WordPress plugin before 2
ghsa_unreviewed·2022-07-18
CVE-2022-2090 [MEDIUM] CWE-79 GHSA-mc26-m43p-75hh: The Discount Rules for WooCommerce WordPress plugin before 2
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
No detection rules found.
No public exploits indexed.
Published: 2022-07-17