Lucene search
GitHub Advisory DatabaseGHSA-XW2R-F8XV-C8XPHistoryAug 09, 2023 - 2:37 p.m.
PrestaShop XSS injection through Validate::isCleanHTML method
2023-08-0914:37:16
CWE-116
GitHub Advisory Database
github.com
17
prestashop
xss injection
validate::iscleanhtml
impact
aleksey solovev
patches
positive technologies
1.7.8.10
8.0.5
8.1.1
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
0.0005 Low
EPSS
Percentile
17.1%
Impact
xss injection through isCleanHTML method
Patches
1.7.8.10
8.0.5
8.1.1
Found by
Aleksey Solovev (Positive Technologies)
Workarounds
References
Affected configurations
Node
prestashopprestashopRange<1.7.8.10
ORprestashopprestashopRange<8.0.5
ORprestashopprestashopMatch8.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop/prestashop | lt | 1.7.8.10 | |
| prestashop/prestashop | lt | 8.0.5 | |
| prestashop/prestashop | eq | 8.1.0 |
Related
cve
cve
CVE-2023-39527
2023-08-07 21:15:10
prion
prion
Cross site scripting
2023-08-07 21:15:00
osv
osv
PrestaShop XSS injection through Validate::isCleanHTML method
2023-08-09 14:37:16
BIT-prestashop-2023-39527
2024-03-06 11:03:34
CVE-2023-39527
2023-08-07 21:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-39527
2023-08-07 21:15:10
veracode
veracode
Cross-site Scripting (XSS)
2023-08-09 08:44:52
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
0.0005 Low
EPSS
Percentile
17.1%
Related for GHSA-XW2R-F8XV-C8XP