Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 24/07/2015 Updated: 24/06/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin prior to 1.4.18 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-advanced.php, (3) includes/edit-form-advanced30.php, (4) includes/edit-form-advanced34.php, (5) includes/member_edit_form.php, (6) includes/order_edit_form.php, (7) includes/order_list.php, or (8) includes/usces_item_master_list.php, related to admin.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
collne welcart

CWE-79 http://www.welcart.com/community/archives/74867 http://jvn.jp/en/jp/JVN97971874/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000103 https://plugins.trac.wordpress.org/changeset/1199120 https://wpvulndb.com/vulnerabilities/8114 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-2973

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect