What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpcraft WooMS wooms allows Reflected XSS. This issue affects WooMS: from n/a through <= 9.12.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
WooMS versions 9.12 and earlier contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. The vulnerability requires user interaction—typically clicking a malicious link—and can affect multiple users across the site. Updating to version 9.13 or later resolves the issue.
What an attacker can do
Inject malicious scripts that execute in other users' browsers, potentially stealing session tokens or performing actions on their behalf.
Potential impact on your site
Site visitors could be redirected, have their sessions hijacked, or see defaced content if they click attacker-controlled links.
Conditions required to exploit
Attacker needs network access and must trick a user into clicking a malicious link or visiting a compromised page.
Key dates
External resources