PrestaShop CVE-2024-26129 vulnerability

Core

Score

5.8 Medium

Date publish

19-02-2024

Versiones afectadas

  • Versions from 8.1.0 up to but not including 8.1.4

Description

PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.

References

Metrics

cvssMetricV31
sourcesecurity-advisories@github.comnvd@nist.gov
typeSecondaryPrimary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
baseScore5.85.3
baseSeverityMEDIUMMEDIUM
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredNONENONE
userInteractionNONENONE
scopeCHANGEDUNCHANGED
confidentialityImpactLOWLOW
integrityImpactNONENONE
availabilityImpactNONENONE
exploitabilityScore3.93.9
impactScore1.41.4
Scroll al inicio