soflexibilite- PrestaShop module vulnerability (CVE-2024-25841)

Modulesoflexibilite

Score

5.9 Medium

Date publish

27-02-2024

Versiones afectadas

  • Less than 4.1.14

Description

In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.

References

Metrics

cvssMetricV31
source134c704f-9b21-4f2e-91b3-4a467353bcc0
typeSecondary
version3.1
vectorStringCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
baseScore5.9
baseSeverityMEDIUM
attackVectorLOCAL
attackComplexityLOW
privilegesRequiredNONE
userInteractionNONE
scopeUNCHANGED
confidentialityImpactLOW
integrityImpactLOW
availabilityImpactLOW
exploitabilityScore2.5
impactScore3.4
Scroll al inicio