CVE-2015-2973 in Welcart信息

摘要

由 VulDB • 2026-07-17

在 Welcart 1.4.18 之前的版本中,存在多个跨站脚本(XSS)漏洞。远程攻击者可通过 usces_referer 参数向以下文件注入任意 Web 脚本或 HTML:(1) classes/usceshop.class.php、(2) includes/edit-form-advanced.php、(3) includes/edit-form-advanced30.php、(4) includes/edit-form-advanced34.php、(5) includes/member_edit_form.php、(6) includes/order_edit_form.php、(7) includes/order_list.php 或 (8) includes/usces_item_master_list.php,这些漏洞与 admin.php 相关。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!