← Voltar para CVEs

CVE-2015-7666

N/A

Descricao

Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.

Detalhes CVE

Pontuacao CVSS v3.1N/A

Publicado12/27/2017

Ultima modificacao4/20/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

codepeople:payment_form_for_paypal_pro

Fraquezas (CWE)

CWE-79

Referencias

http://www.securityfocus.com/archive/1/536602/100/0/threaded(cve@mitre.org)

https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro(cve@mitre.org)

https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers(cve@mitre.org)

https://wpvulndb.com/vulnerabilities/8210(cve@mitre.org)

http://www.securityfocus.com/archive/1/536602/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)

https://plugins.trac.wordpress.org/changeset/1254452/payment-form-for-paypal-pro(af854a3a-2127-422b-91ae-364da2661108)

https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers(af854a3a-2127-422b-91ae-364da2661108)

https://wpvulndb.com/vulnerabilities/8210(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.