Welcart e-Commerce < 2.8.22 – Multiple XSS | CVE 2023-41233

Affects Plugins

usc-e-shop

Fixed in 2.8.22

References

CVE

CVE-2023-41233

CVE

CVE-2023-41962

CVE

CVE-2023-43484

CVE

CVE-2023-43614

URL

https://jvn.jp/en/jp/JVN97197972/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Original Researcher

Akihiro Hashimoto

Verified

No

WPVDB ID

8b86d7b1-9846-49d1-bb47-bc22500edb44

Timeline

Publicly Published

2023-09-26 (about 2 years ago)

Added

2023-09-28 (about 2 years ago)

Last Updated

2023-09-28 (about 2 years ago)

Other

Published

Title

Published

2024-10-24

Title

Trip Plan < 2.0.0 - Contributor+ Stored XSS

Published

2023-12-05

Title

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2014-04-25

Title

Style It <= 1.0 - XSS

Published

2024-06-22

Title

SULly < 4.3.1 - Admin+ Stored XSS

Published

2024-05-20

Title

Tainacan < 0.21.4 - Authenticated (Contributor+) Stored Cross-Site Scripting