PT-2019-7334 · Ithemes · Table Rate Shipping Add-On For Ithemes Exchange

Daniel Cid

Published

2019-08-28

Updated

2019-09-04

CVE-2015-9375

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Table Rate Shipping Add-on for iThemes Exchange version 1.1.0 and earlier

Description The issue concerns a problem where an attacker can exploit the add query arg() and remove query arg() functions to perform a cross-site scripting (XSS) attack.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9375

Affected Products

Table Rate Shipping Add-On For Ithemes Exchange

PT-2019-7334 · Ithemes · Table Rate Shipping Add-On For Ithemes Exchange

CVE-2015-9375

Weakness Enumeration

Related Identifiers

Affected Products

References · 4