GHSA-6mhc-hqr3-w466

Опубликовано: 12 мая 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-95hx-62rh-gg96. This link is maintained to preserve external references.

Original Description

A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.

Ссылки

Пакеты

Наименование

prestashop/prestashop

composer

Затронутые версииВерсия исправления

<= 1.7.7.4

Отсутствует

6.1 Medium

CVSS3

CVE ID

CVE-2023-31508

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-31508

nvd

больше 2 лет назад

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2020-15178. Reason: This record is a duplicate of CVE-2020-15178. Notes: All CVE users should reference CVE-2020-15178 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

6.1 Medium

CVSS3

CVE ID

CVE-2023-31508

Дефекты

CWE-79