Get tailored security recommendations from our analyst team for CVE-2023-31508. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

No description available

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability

GHSA-6mhc-hqr3-w466

Advisory Details

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-95hx-62rh-gg96. This link is maintained to preserve external references. ## Original Description A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php.

Affected Packages

Packagist prestashop/prestashop

ECOSYSTEM: ≥0 ≤1.7.7.4

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-31508

PACKAGE https://github.com/PrestaShop/PrestaShop

WEB https://github.com/mustgundogdu/Research/blob/main/PrestaShop/ReflectedXSS_1.7.7.4.md

Advisory provided by GitHub Security Advisory Database. Published: May 12, 2023, Modified: June 6, 2023

Published: Unknown

Last Modified: 2023-06-06T00:00:00

Copied to clipboard!

CVE-2023-31508

Expert Analysis