The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
History

Fri, 14 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2025-02-14T17:50:19.331Z

Reserved: 2021-08-20T00:00:00.000Z

Link: CVE-2021-39309

cve-icon Vulnrichment

Updated: 2024-08-04T02:06:41.647Z

cve-icon NVD

Status : Modified

Published: 2021-12-14T16:15:08.423

Modified: 2024-11-21T06:19:12.023

Link: CVE-2021-39309

cve-icon Redhat

No data.