Stored XSS with custom URLs in PrestaShop module ps_linklist
CVE-2020-5273

4.1MEDIUM

Key Information:

Vendor

Prestashop

Status
Ps Linklist
Vendor
CVE Published:
16 April 2020

What is CVE-2020-5273?

In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0

Affected Version(s)

ps_linklist < 3.1.0

References

https://github.com/PrestaShop/ps_linklist/security/adviso...
x_refsource_CONFIRM
https://github.com/PrestaShop/ps_linklist/commit/83e6e0bd...
x_refsource_MISC

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.