CVE-2024-25841

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25841
In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html Product
https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html Exploit Third Party Advisory
https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html Product
https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:common-services:so_flexibilite:*:*:*:*:*:prestashop:*:*
History

23 May 2025, 15:39

Type Values Removed Values Added
First Time Common-services
Common-services so Flexibilite
CPE cpe:2.3:a:common-services:so_flexibilite:*:*:*:*:*:prestashop:*:*
References () https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html - () https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html - Product
References () https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html - () https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html - Exploit, Third Party Advisory

21 Nov 2024, 09:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.9
CWE CWE-79
References () https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html - () https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html -
References () https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html - () https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html -

27 Feb 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-27 17:15

Updated : 2025-05-23 15:39

NVD link : CVE-2024-25841

Mitre link : CVE-2024-25841

CVE.ORG link : CVE-2024-25841

JSON object : View

Products Affected

common-services

  • so_flexibilite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')