CVE-2023-48042

Опубликовано: 28 нояб. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.

Ссылки

https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html
Product
https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e
Third Party Advisory
https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html
Product
https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*

Версия до 3.2.5 (включая)

EPSS

Процентиль: 19%

0.00061

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-8796-pv4j-wgjh