PrestaShop CVE-2018-5681 vulnerability

Core

Score

5.4 Medium

Date publish

13-01-2018

Versiones afectadas

Versions from 1.7.2.4 up to and including 1.7.2.4

Description

PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.

References

http://forge.prestashop.com/browse/BOOM-...

Third Party Advisory mitre.org

http://forge.prestashop.com/browse/BOOM-...

Third Party Advisory

Metrics

cvssMetricV30
source	nvd@nist.gov
type	Primary
version	3.0
vectorString	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
baseScore	5.4
baseSeverity	MEDIUM
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	LOW
userInteraction	REQUIRED
scope	CHANGED
confidentialityImpact	LOW
integrityImpact	LOW
availabilityImpact	NONE
exploitabilityScore	2.3
impactScore	2.7
cvssMetricV2
source	nvd@nist.gov
type	Primary
version	2.0
vectorString	AV:N/AC:M/Au:S/C:N/I:P/A:N
baseScore	3.5
accessVector	NETWORK
accessComplexity	MEDIUM
authentication	SINGLE
confidentialityImpact	NONE
integrityImpact	PARTIAL
availabilityImpact	NONE
baseSeverity	LOW
exploitabilityScore	6.8
impactScore	2.9
acInsufInfo	False
obtainAllPrivilege	False
obtainUserPrivilege	False
obtainOtherPrivilege	False
userInteractionRequired	True