CVSS3: 8.3 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H
EPSS: 0.0005 Low
Percentile: 17.1%
prestashop/prestashop is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because HTML tags that should be restricted are missing from the isCleanHTML method of Validate.php, which allows an attacker to inject and execute malicious JavaScript.
github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4
github.com/PrestaShop/PrestaShop/commit/b101f9079505cbae28cfe806916f91c9b14a4fff
github.com/PrestaShop/PrestaShop/commit/e3c71f21a2b74cc99f656119035acf5122c857b1
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp