CVEs-PoC/2024/CVE-2024-6072.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 06:55:56 +02:00

Files

T

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

POC

Reference

https://wpscan.com/vulnerability/1d8a344b-37e9-41e8-9de0-c67b7ca8e21b/

Github

No PoCs found on GitHub currently.

794 B Raw Blame History

CVE-2024-6072

Description

POC

Reference

Github

794 B

Raw Blame History