CVE-2024-34716 - Vulnerability Details - OpenCVE

PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Prestashop	Prestashop

Configuration 1 [-]

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78

History

Tue, 21 Jan 2025 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Prestashop Prestashop prestashop
CPEs		cpe:2.3:a:prestashop:prestashop::::::::
Vendors & Products		Prestashop Prestashop prestashop

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-14T15:45:45.345Z

Updated: 2024-08-02T02:59:22.218Z

Reserved: 2024-05-07T13:53:00.134Z

Link: CVE-2024-34716

Vulnrichment

Updated: 2024-08-02T02:59:22.218Z

NVD

Status : Analyzed

Published: 2024-05-14T16:17:28.073

Modified: 2025-01-21T16:06:58.623

Link: CVE-2024-34716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34716", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-07T13:53:00.134Z", "datePublished": "2024-05-14T15:45:45.345Z", "dateUpdated": "2024-08-02T02:59:22.218Z"}, "containers": {"cna": {"title": "PrestaShop vulnerable to XSS via customer contact form in FO, through file upload", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6"}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"version": ">= 8.1.0, < 8.1.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-14T15:45:45.345Z"}, "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag."}], "source": {"advisory": "GHSA-45vm-3j38-7p78", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "prestashop", "product": "prestashop", "cpes": ["cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.1.0", "status": "affected", "lessThan": "8.1.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T20:41:38.434859Z", "id": "CVE-2024-34716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:43:10.450Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.218Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78"}, {"name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.218Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-11T20:41:38.434859Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*"], "vendor": "prestashop", "product": "prestashop", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:42:48.848Z"}}], "cna": {"title": "PrestaShop vulnerable to XSS via customer contact form in FO, through file upload", "source": {"advisory": "GHSA-45vm-3j38-7p78", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.7, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "PrestaShop", "product": "PrestaShop", "versions": [{"status": "affected", "version": ">= 8.1.0, < 8.1.6"}]}], "references": [{"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "name": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "name": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-14T15:45:45.345Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34716", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:22.218Z", "dateReserved": "2024-05-07T13:53:00.134Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-14T15:45:45.345Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", "matchCriteriaId": "27D84E2B-407D-4315-A9A4-DF2308ED678F", "versionEndExcluding": "8.1.6", "versionStartIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PrestaShop is an open source e-commerce web application. A cross-site scripting (XSS) vulnerability that only affects PrestaShops with customer-thread feature flag enabled is present starting from PrestaShop 8.1.0 and prior to PrestaShop 8.1.6. When the customer thread feature flag is enabled through the front-office contact form, a hacker can upload a malicious file containing an XSS that will be executed when an admin opens the attached file in back office. The script injected can access the session and the security token, which allows it to perform any authenticated action in the scope of the administrator's right. This vulnerability is patched in 8.1.6. A workaround is to disable the customer-thread feature-flag."}, {"lang": "es", "value": "PrestaShop es una aplicaci\u00f3n web de comercio electr\u00f3nico de c\u00f3digo abierto. Una vulnerabilidad de Cross Site Scripting (XSS) que solo afecta a PrestaShops con el indicador de funci\u00f3n de hilo de cliente habilitado est\u00e1 presente a partir de PrestaShop 8.1.0 y antes de PrestaShop 8.1.6. Cuando el indicador de funci\u00f3n del hilo del cliente est\u00e1 habilitado a trav\u00e9s del formulario de contacto del front-office, un pirata inform\u00e1tico puede cargar un archivo malicioso que contenga un XSS que se ejecutar\u00e1 cuando un administrador abra el archivo adjunto en el back-office. El script inyectado puede acceder a la sesi\u00f3n y al token de seguridad, lo que le permite realizar cualquier acci\u00f3n autenticada en el \u00e1mbito del derecho de administrador. Esta vulnerabilidad est\u00e1 parcheada en 8.1.6. Una workaround es desactivar el indicador de funci\u00f3n del hilo del cliente."}], "id": "CVE-2024-34716", "lastModified": "2025-01-21T16:06:58.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T16:17:28.073", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}