CVE-2018-7491

Published: 26/02/2018 Updated: 22/03/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In PrestaShop up to and including 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither an X-Frame-Options header nor a Content-Security-Policy "frame-ancestors" directive.
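
The check below is an added example, not code from PrestaShop or from this advisory: it audits a response's headers for the two anti-framing controls named in the summary. The function names and the three sample header sets are constructed for illustration.

```python
# Added example: audit response headers for X-Frame-Options / CSP frame-ancestors.
def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header value, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def audit_framing(headers):
    """headers: list of (name, value) pairs. Returns (protected, findings)."""
    findings, xfo_ok, csp_seen, csp_strict = [], False, False, False
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            if value.strip().upper() in ("DENY", "SAMEORIGIN"):
                xfo_ok = True
            else:  # ALLOW-FROM is obsolete and not honoured by current browsers
                findings.append(f"X-Frame-Options value not enforced: {value!r}")
        elif key == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is None:
                continue
            csp_seen = True
            if any(s in ("*", "http:", "https:") for s in sources):
                findings.append(f"frame-ancestors allows any origin: {sources}")
            else:
                csp_strict = True  # 'none', 'self' or an explicit origin list
        elif key == "content-security-policy-report-only":
            if frame_ancestors(value) is not None:
                findings.append("frame-ancestors only in Report-Only header: not enforced")
    # Browsers that implement frame-ancestors ignore X-Frame-Options when an
    # enforced policy carries the directive, so the CSP result takes precedence.
    protected = csp_strict if csp_seen else xfo_ok
    if not protected:
        findings.append("no enforced anti-framing header: page can be framed")
    return protected, findings


# Constructed sample responses (not captured from a real shop)
UNPATCHED = [("Content-Type", "text/html"), ("Cache-Control", "no-store")]
HARDENED = [("X-Frame-Options", "SAMEORIGIN"),
            ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")]
REPORT_ONLY = [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")]

if __name__ == "__main__":
    for label, hdrs in (("unpatched", UNPATCHED), ("hardened", HARDENED), ("report-only", REPORT_ONLY)):
        print(label, audit_framing(hdrs))
```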

Affected Products

Vendor: Prestashop | Product: Prestashop | Versions: 1.7.2.5

Github Repositories

PrestaShop security vulnerability checker. The library and the tool to check PrestaShop for vulnerabilities. The tool home page and the support page: prestashopmodulezru. The full description, how to use and the stable release for download are available there. Report example PrestaShop security vulnerability checker (homepage: prestashopmodulezru/en/tools-scripts/70