Official Integration for Billingo by PWS Online Kft. <= 3.3.9 - Authenticated (Shop Manager+) Stored Cross-Site Scripting (XSS)
REPORT ID: 2dc99254-1f3d-4b84-8a6b-72bc89cbaa1d
The plugin contains a Cross-Site Scripting (XSS) vulnerability due to the plugin does not sanitize and escape some parameters, which makes it possible for authenticated attackers with a role as low as shop manager to inject arbitrary web scripts.
You need to log in to view the vulnerability details.