CVE-2024-27959

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "name": "https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "name": "https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync \u2013 Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS.This issue affects WC Shop Sync \u2013 Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-27959", "ASSIGNER": "audit@patchstack.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2024-03-17T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wpexperts:wc_shop_sync:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-02-27T03:34Z"}