GHSA-95hx-62rh-gg96

Source
https://github.com/advisories/GHSA-95hx-62rh-gg96
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-95hx-62rh-gg96/GHSA-95hx-62rh-gg96.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-95hx-62rh-gg96
Aliases
Published
2020-09-15T17:34:17Z
Modified
2023-11-08T04:02:32.169913Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Potential XSS injection in PrestaShop contactform
Details

Impact

An attacker is able to inject JavaScript while using the contact form.

Patches

The problem is fixed in v4.3.0.

References

Cross-site Scripting (XSS) - Stored (CWE-79)

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-09-15T17:33:50Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

Affected packages

Packagist / prestashop/contactform

Package

Name
prestashop/contactform
Purl
pkg:composer/prestashop/contactform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.1
Fixed
4.3.0

Affected versions

v1.*

v1.0.1

v2.*

v2.0.0
v2.0.1
v2.0.2

v3.*

v3.0.0

v4.*

v4.0.0
v4.1.0
v4.1.1
v4.2.0