GHSA-58w4-w77w-qv3w

Опубликовано: 16 нояб. 2020

Источник: github

Github: Прошло ревью

CVSS3: 8.7

Описание

Reflected XSS with parameters in PostComment

Impact

An attacker could inject malicious web code into the users' web browsers by creating a malicious link.

Patches

The problem is fixed in 4.2.0

References

Cross-site Scripting (XSS) - Reflected (CWE-79)

Ссылки

Пакеты

Наименование

prestashop/productcomments

composer

Затронутые версииВерсия исправления

>= 4.0.0, < 4.2.0

4.2.0

EPSS

Процентиль: 53%

0.00305

Низкий

8.7 High

CVSS3

CVE ID

CVE-2020-26225

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-26225

CVSS3: 8.7

nvd

около 5 лет назад

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0

EPSS

Процентиль: 53%

0.00305

Низкий

8.7 High

CVSS3

CVE ID

CVE-2020-26225

Дефекты

CWE-79