Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for LifterLMS Paypal by Unknown

    CVE-2022-1250 (GCVE-0-2022-1250)

    Vulnerability from nvd – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
    VLAI
    Title
    LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
    Summary
    The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown LifterLMS Paypal Affected: 1.4.0 , < 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Brandon James Roldan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.439Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LifterLMS Paypal",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Brandon James Roldan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T16:05:50.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1250",
              "STATE": "PUBLIC",
              "TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LifterLMS Paypal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Brandon James Roldan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
                },
                {
                  "name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
                  "refsource": "MISC",
                  "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1250",
        "datePublished": "2022-05-02T16:05:50.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1250 (GCVE-0-2022-1250)

    Vulnerability from cvelistv5 – Published: 2022-05-02 16:05 – Updated: 2024-08-02 23:55
    VLAI
    Title
    LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting
    Summary
    The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown LifterLMS Paypal Affected: 1.4.0 , < 1.4.0 (custom)
    Create a notification for this product.
    Credits
    Brandon James Roldan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:55:24.439Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LifterLMS Paypal",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.4.0",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Brandon James Roldan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-02T16:05:50.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1250",
              "STATE": "PUBLIC",
              "TITLE": "LifterLMS PayPal \u003c 1.4.0 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "LifterLMS Paypal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.4.0",
                                "version_value": "1.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Brandon James Roldan"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718"
                },
                {
                  "name": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/",
                  "refsource": "MISC",
                  "url": "https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1250",
        "datePublished": "2022-05-02T16:05:50.000Z",
        "dateReserved": "2022-04-06T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:55:24.439Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }