CVE-2022-4227

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 57.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Booster Elite FOR Woocommerce Unknown Booster FOR Woocommerce Unknown Booster Plus FOR Woocommerce +3 more

Timeline

PublishedDec 26

Description

The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plus for WooCommerce WordPress plugin before 6.0.0, Booster Elite for WooCommerce WordPress plugin before 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶CVEListV5unknown/booster_plus_for_woocommerce< 6.0.0

▶CVEListV5unknown/booster_elite_for_woocommerce< 6.0.0

▶CVEListV5unknown/booster_for_woocommerce< 5.6.3

▶NVDbooster/booster_plus< 6.0.0

▶NVDbooster/booster_elite< 6.0.0

🔴Vulnerability Details

CVEList

Booster for WooCommerce - Reflected Cross-Site Scripting↗2022-12-26

▶

GHSA

GHSA-366w-rp6m-qm5x: The Booster for WooCommerce WordPress plugin before 5↗2022-12-26

▶