GitHub Advisory DatabaseGHSA-95HX-62RH-GG96Potential XSS injection In PrestaShop contactform
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.0%
Impact
An attacker is able to inject javascript while using the contact form.
Patches
The problem is fixed in v4.3.0
References
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| prestashop | contactform | * | cpe:2.3:a:prestashop:contactform:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-95hx-62rh-gg96
github.com/PrestaShop/contactform/commit/a1da814bea7e5750b858a2dbbc58ace80379f42f
github.com/PrestaShop/contactform/commit/ecd9f5d14920ec00885766a7cb41bcc5ed8bfa09
github.com/PrestaShop/contactform/security/advisories/GHSA-95hx-62rh-gg96
nvd.nist.gov/vuln/detail/CVE-2020-15178
packagist.org/packages/prestashop/contactform
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS
Percentile
61.0%