amazzing_filter- PrestaShop module vulnerability (CVE-2023-48042)

Moduleamazzing_filter

Score

6.1 Medium

Date publish

28-11-2023

Versiones afectadas

  • Up to and including 3.2.5

Description

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.

References

Metrics

cvssMetricV31
sourcenvd@nist.gov
typePrimary
version3.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
baseScore6.1
baseSeverityMEDIUM
attackVectorNETWORK
attackComplexityLOW
privilegesRequiredNONE
userInteractionREQUIRED
scopeCHANGED
confidentialityImpactLOW
integrityImpactLOW
availabilityImpactNONE
exploitabilityScore2.8
impactScore2.7
Scroll al inicio