CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:m4_pdf:*:*:*:*:*:prestashop:*:*

History

No history.

Information

Published : 2023-09-20 13:15

Updated : 2023-09-22 19:33

NVD link : CVE-2022-45448

Mitre link : CVE-2022-45448

CVE.ORG link : CVE-2022-45448

JSON object : View

Products Affected

prestashop

m4_pdf

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2022-45448", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2023-09-20T13:15:11.180", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pdf-plugin-prestashop-sites", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter."}, {"lang": "es", "value": "El complemento M4 PDF para sitios Prestashop, en su versi\u00f3n 3.2.3 y anteriores, es vulnerable a la creaci\u00f3n de Documentos HTML arbitraria. El recurso /m4pdf/pdf.php utiliza plantillas para crear documentos din\u00e1micamente. En el caso de que la plantilla no exista, la aplicaci\u00f3n devolver\u00e1 un documento fijo con un mensaje en formato mpdf. Un atacante podr\u00eda aprovechar esta vulnerabilidad ingresando un documento HTML/CSS v\u00e1lido como valor del par\u00e1metro."}], "lastModified": "2023-09-22T19:33:28.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prestashop:m4_pdf:*:*:*:*:*:prestashop:*:*", "vulnerable": true, "matchCriteriaId": "6AE55D08-63EE-42F3-8149-D8D50E478B65", "versionEndIncluding": "3.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}