{"id":76067,"date":"2026-02-01T15:45:52","date_gmt":"2026-02-01T12:15:52","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2022-50941-bootcommerce-3-2-1-persistent-cross-site-scripting-via-order-checkout\/"},"modified":"2026-02-01T15:45:52","modified_gmt":"2026-02-01T12:15:52","slug":"cve-2022-50941-bootcommerce-3-2-1-persistent-cross-site-scripting-via-order-checkout","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2022-50941-bootcommerce-3-2-1-persistent-cross-site-scripting-via-order-checkout\/","title":{"rendered":"CVE-2022-50941 &#8211; BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout"},"content":{"rendered":"<p>CVE ID : CVE-2022-50941<\/p>\n<p>Published :  Feb. 1, 2026, 12:15 p.m. | 59\u00a0minutes ago<\/p>\n<p>Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.<\/p>\n<p>Severity: 6.4 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2022-50941 Published : Feb. 1, 2026, 12:15 p.m. | 59\u00a0minutes ago Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76067","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76067","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76067"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76067\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}