GHSA-VR7M-R9VM-M4WF

Vulnerability from github – Published: 2024-01-03 21:48 – Updated: 2024-01-03 21:48
VLAI?
Summary
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Details

Impact

The isCleanHtml method is not used on this this form, which makes it possible to store an xss in DB. The impact is low because the html is not interpreted in BO, thanks to twig's escape mechanism. In FO, the xss is effective, but only impacts the customer sending it, or the customer session from which it was sent.

Be careful if you have a module fetching these messages from the DB and displaying it without escaping html.

Patches

8.1.x

Reporter

Reported by Rona Febriana (linkedin: https://www.linkedin.com/in/rona-febriana/)

Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "prestashop/prestashop"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21628"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T21:48:56Z",
    "nvd_published_at": "2024-01-02T22:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe isCleanHtml method is not used on this this form, which makes it possible to store an xss in DB.\nThe impact is low because the html is not interpreted in BO, thanks to twig\u0027s escape mechanism.\nIn FO, the xss is effective, but only impacts the customer sending it, or the customer session from which it was sent.\n\nBe careful if you have a module fetching these messages from the DB and displaying it without escaping html.\n\n### Patches\n8.1.x\n\n### Reporter\nReported by Rona Febriana (linkedin: https://www.linkedin.com/in/rona-febriana/)",
  "id": "GHSA-vr7m-r9vm-m4wf",
  "modified": "2024-01-03T21:48:56Z",
  "published": "2024-01-03T21:48:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21628"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/commit/afc45b93b3cc33be0e571559d2838c6960d98856"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PrestaShop/PrestaShop"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PrestaShop XSS can be stored in DB from \"add a message form\" in order detail page (FO)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.