Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Communitydeveloper
  • Amazzing Filter

Configuration 1 [-]

cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*
References
Link Resource
https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html Product
https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-28T00:00:00

Updated: 2023-11-30T06:30:51.753345

Reserved: 2023-11-13T00:00:00

Link: CVE-2023-48042

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-11-28T13:15:07.410

Modified: 2023-11-30T20:36:48.927

Link: CVE-2023-48042

JSON object: View

cve-icon Redhat Information

No data.

CWE