CVE-2015-2973 in Welcart
摘要
由 VulDB • 2026-07-17
在 Welcart 1.4.18 之前的版本中,存在多个跨站脚本(XSS)漏洞。远程攻击者可通过 usces_referer 参数向以下文件注入任意 Web 脚本或 HTML:(1) classes/usceshop.class.php、(2) includes/edit-form-advanced.php、(3) includes/edit-form-advanced30.php、(4) includes/edit-form-advanced34.php、(5) includes/member_edit_form.php、(6) includes/order_edit_form.php、(7) includes/order_list.php 或 (8) includes/usces_item_master_list.php,这些漏洞与 admin.php 相关。
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.