Security Advisory

CVE-2015-3421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-21 14:00:00

Last updated 2024-08-06 05:47:57

Assigner mitre

State PUBLISHED

Description

The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.

← Browse all CVEs View on cve.org ↗