ECPay Logistics for WooCommerce <= 1.2.181030 - Unauthenticated Reflected XSS



Description
The CVSStoreName, CVSAddress, CVSTelephone and CVSStoreID from the getChangeResponse.php are affected by reflected XSS issues.
Proof of Concept The PoC will be displayed once the issue has been remediated.

Affects Plugin

References

PACKETSTORM 154370

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Ricardo Sanchez
Views 1860
Verified Yes
WPVDB ID 9869

Timeline

Publicly Published 2019-09-05 (18 days ago)
Added 2019-09-06 (17 days ago)
Last Updated 2019-09-06 (17 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin