CVE-2025-30906

{"id": "CVE-2025-30906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.8}]}, "published": "2025-04-01T21:15:46.010", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial \u2013 Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through 1.7.3."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Coffee Code Tech Plugin Oficial \u2013 Getnet para WooCommerce permite XSS reflejado. Este problema afecta al plugin oficial de Coffee Code Tech, Getnet para WooCommerce, desde la versi\u00f3n n/a hasta la 1.7.3."}], "lastModified": "2025-04-02T14:58:07.527", "sourceIdentifier": "audit@patchstack.com"}