fieldpopupnewsletter- PrestaShop module vulnerability (CVE-2023-39676)

Modulefieldpopupnewsletter

Score

6.1 Medium

Date publish

08-09-2023

Versiones afectadas

Versions from 1.0.0 up to and including 1.0.0

Description

FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.

References

https://blog.sorcery.ie/posts/fieldpopup...

Exploit mitre.org

https://sorcery.ie

Not Applicable mitre.org

https://themeforest.net/user/fieldthemes

Product mitre.org

https://blog.sorcery.ie/posts/fieldpopup...

Exploit

https://sorcery.ie

Not Applicable

https://themeforest.net/user/fieldthemes

Product

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
baseScore	6.1
baseSeverity	MEDIUM
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	REQUIRED
scope	CHANGED
confidentialityImpact	LOW
integrityImpact	LOW
availabilityImpact	NONE
exploitabilityScore	2.8
impactScore	2.7