Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jeDJyLW1mNngtNTVyeM0WcQ
Stored XSS with custom URLs in PrestaShop module ps_linklist
Impact
Stored XSS when using custom URLs.
Patches
The problem is fixed in 3.1.0
References
Cross-site Scripting (XSS) - Stored (CWE-79)
Permalink: https://github.com/advisories/GHSA-cx2r-mf6x-55rxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jeDJyLW1mNngtNTVyeM0WcQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 4.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Identifiers: GHSA-cx2r-mf6x-55rx, CVE-2020-5273
References:
- https://github.com/PrestaShop/ps_linklist/security/advisories/GHSA-cx2r-mf6x-55rx
- https://nvd.nist.gov/vuln/detail/CVE-2020-5273
- https://github.com/PrestaShop/ps_linklist/commit/83e6e0bdda2287f4d6e64127cb90c41d26b5ad82
- https://github.com/advisories/GHSA-cx2r-mf6x-55rx
Blast Radius: 9.9
Affected Packages
packagist:prestashop/ps_linklist
Dependent packages: 2Dependent repositories: 267
Downloads: 3,300,250 total
Affected Version Ranges: < 3.1.0
Fixed in: 3.1.0
All affected versions: 1.0.4, 1.1.0, 1.2.0, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4
All unaffected versions: 3.1.0, 3.2.0, 4.0.0, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7