https://www.pluginvulnerabilities.com/2017/12/18/open-redirect-vulnerabilty-in-sagepay-server-gateway-for-woocommerce/

Recently, Ricardo Sanchez disclosed a reflected cross-site scripting (XSS) vulnerability in the plugin SagePay Server Gateway for WooCommerce. When we tested it while adding the vulnerability to our data set, we noticed a strange result. The proof of concept URL was

/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=</script>”><script>alert(“R1XS4.COM”)</script>

but after the reflected cross-site scripting occurred, the URL changed to

/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/</script>

Looking at the
