admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 02:00:53 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-04xx/CVE-2023-0479.json

20 lines
888 B
JSON
Raw Normal View History

Auto-Update: 2024-01-16T17:00:25.094918+00:00
2024-01-16 17:00:28 +00:00
{
"id": "CVE-2023-0479",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:10.580",
Auto-Update: 2024-01-17T00:55:25.090016+00:00
2024-01-17 00:55:29 +00:00
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
Auto-Update: 2024-01-16T17:00:25.094918+00:00
2024-01-16 17:00:28 +00:00
"descriptions": [
{
"lang": "en",
"value": "The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding."
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/50963747-ae8e-42b4-bb42-cc848be7b92e/",
"source": "contact@wpscan.com"
}
]
}
Reference in New Issue Copy Permalink