Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Vulnerability Description
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WooCommerce 安全漏洞
Vulnerability Description
WooCommerce是WooCommerce公司的一个基于 WordPress 构建的开源电子商务平台。 WooCommerce 8.8版本存在安全漏洞,该漏洞源于容易受到跨站脚本攻击,攻击者可能会劫持浏览器中存储的内容、数据和会话。
CVSS Information
N/A
Vulnerability Type
N/A