CVE-2023-47110

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
prestashopcustomer_reassurance_block
𝑥
< 5.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78