PrestaShop CVE-2020-15161 vulnerability
Core
Score
6.1 Medium
Date published
24-09-2020
Affected versions
- Versions from 1.6.0.4 up to but not including 1.7.6.8
Description
In PrestaShop from version 1.6.0.4 up to but not including version 1.7.6.8, an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8.
References
Metrics
| cvssMetricV31 | | |
|---|---|---|
| source | security-advisories@github.com | nvd@nist.gov |
| type | Secondary | Primary |
| version | 3.1 | 3.1 |
| vectorString | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| baseScore | 5.4 | 6.1 |
| baseSeverity | MEDIUM | MEDIUM |
| attackVector | NETWORK | NETWORK |
| attackComplexity | HIGH | LOW |
| privilegesRequired | NONE | NONE |
| userInteraction | NONE | REQUIRED |
| scope | CHANGED | CHANGED |
| confidentialityImpact | LOW | LOW |
| integrityImpact | LOW | LOW |
| availabilityImpact | NONE | NONE |
| exploitabilityScore | 2.2 | 2.8 |
| impactScore | 2.7 | 2.7 |

| cvssMetricV2 | |
|---|---|
| source | nvd@nist.gov |
| type | Primary |
| version | 2.0 |
| vectorString | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| baseScore | 4.3 |
| accessVector | NETWORK |
| accessComplexity | MEDIUM |
| authentication | NONE |
| confidentialityImpact | NONE |
| integrityImpact | PARTIAL |
| availabilityImpact | NONE |
| baseSeverity | MEDIUM |
| exploitabilityScore | 8.6 |
| impactScore | 2.9 |
| acInsufInfo | False |
| obtainAllPrivilege | False |
| obtainUserPrivilege | False |
| obtainOtherPrivilege | False |
| userInteractionRequired | True |
