Vulnerability Description
PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.
CVSS Score
5.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 8.1.0, < 8.1.4 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863Patch
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qprVendor Advisory
- https://owasp.org/www-community/attacks/Full_Path_DisclosureNot Applicable
- https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863Patch
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qprVendor Advisory
- https://owasp.org/www-community/attacks/Full_Path_DisclosureNot Applicable
FAQ
What is CVE-2024-26129?
CVE-2024-26129 is a vulnerability with a CVSS score of 5.8 (MEDIUM). PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in ve...
How severe is CVE-2024-26129?
CVE-2024-26129 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-26129?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.