Lucene search

GoogleOSV:BIT-PRESTASHOP-2023-39527

HistoryMar 06, 2024 - 11:03 a.m.

BIT-prestashop-2023-39527

2024-03-0611:03:34

Google

osv.dev

prestashop

e-commerce

web application

cross-site scripting

vulnerability

patch

no workarounds

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

PrestaShop is an open source e-commerce web application. Versions prior to 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.

CPENameOperatorVersion
prestashopge8.1.0
prestashople8.1.0
prestashopge8.0.0
prestashoplt8.0.5

Name	Operator	Version
prestashop	ge	8.1.0
prestashop	le	8.1.0
prestashop	ge	8.0.0
prestashop	lt	8.0.5

References

github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4

github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:BIT-PRESTASHOP-2023-39527