Cross site scripting

2020-03-2519:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with url_name parameter. The problem is fixed in 3.5.0

CPENameOperatorVersion
faceted_search_modulegt1.0.0
faceted_search_modulelt3.5.0

CPE	Name	Operator	Version
	faceted_search_module	gt	1.0.0
	faceted_search_module	lt	3.5.0

References

github.com/PrestaShop/ps_facetedsearch/commit/c792ddcdd84ec208a6dfa4a30fd66d8bc9863f4a

github.com/PrestaShop/ps_facetedsearch/security/advisories/GHSA-mmmv-m5q9-g3cm