CVE-2023-39527

2023-08-0721:15:10

CWE-116

CWE-79

[email protected]

web.nvd.nist.gov

prestashop

e-commerce

web application

cve-2023-39527

cross-site scripting

vulnerability

nvd

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H

0.0005 Low

EPSS

Percentile

17.1%

JSON

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

Affected configurations

Vulners

NVD

Node

prestashopprestashopRange<1.7.8.10

prestashopprestashopRange8.0.0–8.0.5

prestashopprestashopMatch8.1.0

VendorProductVersionCPE
prestashopprestashop*cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
prestashopprestashop*cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
prestashopprestashop8.1.0cpe:2.3:a:prestashop:prestashop:8.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prestashop	prestashop	*	cpe:2.3:a:prestashop:prestashop::::::::
prestashop	prestashop	*	cpe:2.3:a:prestashop:prestashop::::::::
prestashop	prestashop	8.1.0	cpe:2.3:a:prestashop:prestashop:8.1.0:::::::*

CNA Affected

[
  {
    "vendor": "PrestaShop",
    "product": "PrestaShop",
    "versions": [
      {
        "version": "< 1.7.8.10",
        "status": "affected"
      },
      {
        "version": ">= 8.0.0, < 8.0.5",
        "status": "affected"
      },
      {
        "version": "= 8.1.0",
        "status": "affected"
      }
    ]
  }
]