CVE-2020-5266

Medium

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title…

GitHub_M·CWE-79·Published 2020-04-16

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

174 chars

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0

NVDen

174 chars

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0

En el módulo ps_link para PrestaShop versiones anteriores a la versión 3.1.0, tiene una vulnerabilidad de tipo XSS almacenado cuando se crea o edita un bloque de lista de enlaces con el campo title. El problema es corregido en la versión 3.1.0

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.1	Primary	NVD	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	4.4	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	4.4	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	NVD	4.4	1.3	2.7	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N