BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Mrplugins |
|
No data.
No data.
References
History
Tue, 03 Feb 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mrplugins
Mrplugins bootcommerce |
|
| Vendors & Products |
Mrplugins
Mrplugins bootcommerce |
Sun, 01 Feb 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation. | |
| Title | BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-02-03T16:41:17.944Z
Reserved: 2026-01-11T13:34:26.330Z
Link: CVE-2022-50941
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2026-02-01T13:15:57.273
Modified: 2026-02-03T17:15:57.080
Link: CVE-2022-50941
Redhat
No data.