Vulnerability Details CVE-2020-5273
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.2%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 3.5
References
- https://github.com/PrestaShop/ps_linklist/commit/83e6e0bdda2287f4d6e64127cb90c41d26b5ad82
- https://github.com/PrestaShop/ps_linklist/security/advisories/GHSA-cx2r-mf6x-55rx
- https://github.com/PrestaShop/ps_linklist/commit/83e6e0bdda2287f4d6e64127cb90c41d26b5ad82
- https://github.com/PrestaShop/ps_linklist/security/advisories/GHSA-cx2r-mf6x-55rx
Products affected by CVE-2020-5273
-
cpe:2.3:a:prestashop:prestashop_linklist:3.0.0
-
cpe:2.3:a:prestashop:prestashop_linklist:3.0.1
-
cpe:2.3:a:prestashop:prestashop_linklist:3.0.2
-
cpe:2.3:a:prestashop:prestashop_linklist:3.0.3
-
cpe:2.3:a:prestashop:prestashop_linklist:3.0.4