Vulnerability Description
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | M4 Pdf | <= 3.2.3 |
Related Weaknesses (CWE)
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pThird Party Advisory
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-m4-pThird Party Advisory
FAQ
What is CVE-2022-45448?
CVE-2022-45448 is a vulnerability with a CVSS score of 3.5 (LOW). M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically creat...
How severe is CVE-2022-45448?
CVE-2022-45448 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45448?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop M4 Pdf.