Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-07-02T20:00:00

Updated: 2024-08-06T11:20:26.574Z

Reserved: 2014-06-23T00:00:00

Link: CVE-2014-4549

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-07-02T20:55:06.187

Modified: 2024-11-21T02:10:25.400

Link: CVE-2014-4549

cve-icon Redhat

No data.