CVE-2020-15161

Опубликовано: 24 сент. 2020

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/562a231fec18a928e4a601860416fe11af274672
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5cp2-r794-w37w
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/562a231fec18a928e4a601860416fe11af274672
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5cp2-r794-w37w
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.6.0.4 (включая) до 1.7.6.8 (исключая)

EPSS

Процентиль: 52%

0.00291

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 52%

0.00291

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79