PrestaShop CVE-2012-6641 vulnerability
Core
Score
4.3 Medium
Date published
07-04-2014
Affected versions
- Up to and including 1.4.7.1
- Versions from 1.4.0.1 up to and including 1.4.0.1
- Versions from 1.4.0.2 up to and including 1.4.0.2
- Versions from 1.4.0.3 up to and including 1.4.0.3
- Versions from 1.4.0.4 up to and including 1.4.0.4
- Versions from 1.4.0.5 up to and including 1.4.0.5
- Versions from 1.4.0.6 up to and including 1.4.0.6
- Versions from 1.4.0.7 up to and including 1.4.0.7
- Versions from 1.4.0.8 up to and including 1.4.0.8
- Versions from 1.4.0.9 up to and including 1.4.0.9
- Versions from 1.4.0.10 up to and including 1.4.0.10
- Versions from 1.4.0.11 up to and including 1.4.0.11
- Versions from 1.4.0.12 up to and including 1.4.0.12
- Versions from 1.4.0.13 up to and including 1.4.0.13
- Versions from 1.4.0.14 up to and including 1.4.0.14
- Versions from 1.4.0.15 up to and including 1.4.0.15
- Versions from 1.4.0.16 up to and including 1.4.0.16
- Versions from 1.4.0.17 up to and including 1.4.0.17
- Versions from 1.4.1.0 up to and including 1.4.1.0
- Versions from 1.4.2.4 up to and including 1.4.2.4
- Versions from 1.4.2.5 up to and including 1.4.2.5
- Versions from 1.4.3.0 up to and including 1.4.3.0
- Versions from 1.4.4.0 up to and including 1.4.4.0
- Versions from 1.4.4.1 up to and including 1.4.4.1
- Versions from 1.4.5.1 up to and including 1.4.5.1
- Versions from 1.4.6.1 up to and including 1.4.6.1
- Versions from 1.4.6.2 up to and including 1.4.6.2
- Versions from 1.4.7.0 up to and including 1.4.7.0
Description
Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."
References
Metrics
| cvssMetricV2 | |
|---|---|
| source | nvd@nist.gov |
| type | Primary |
| version | 2.0 |
| vectorString | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| baseScore | 4.3 |
| accessVector | NETWORK |
| accessComplexity | MEDIUM |
| authentication | NONE |
| confidentialityImpact | NONE |
| integrityImpact | PARTIAL |
| availabilityImpact | NONE |
| baseSeverity | MEDIUM |
| exploitabilityScore | 8.6 |
| impactScore | 2.9 |
| acInsufInfo | False |
| obtainAllPrivilege | False |
| obtainUserPrivilege | False |
| obtainOtherPrivilege | False |
| userInteractionRequired | True |
