CVE-2023-39676
published 2023-09-08CVE-2023-39676: FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at…
PriorityP335medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.34%
67.8th percentile
FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fieldthemes | fieldpopupnewsletter | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2023-39676 [MEDIUM] PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
Template:
id: CVE-2023-39676
info:
name: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
author: meme-lord
severity: medium
description: |
Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading
2023-09-08
Published