CVE-2023-48042

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*

History

30 Nov 2023, 20:36

Type Values Removed Values Added
First Time Communitydeveloper
Communitydeveloper amazzing Filter
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
CPE cpe:2.3:a:communitydeveloper:amazzing_filter:*:*:*:*:*:prestashop:*:*
References () https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e - () https://medium.com/%40nasir.synack/uncovering-a-cross-site-scripting-vulnerability-cve-2023-48042-in-amazzing-filters-prestashop-2e4a9f8b655e - Third Party Advisory
References () https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html - () https://addons.prestashop.com/en/search-filters/18575-amazzing-filter.html - Product

30 Nov 2023, 07:15

Type Values Removed Values Added
Summary Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Site Scripting (XSS). Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code.

28 Nov 2023, 14:12

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-28 13:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-48042

Mitre link : CVE-2023-48042

CVE.ORG link : CVE-2023-48042


JSON object : View

Products Affected

communitydeveloper

  • amazzing_filter
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')