Unrated severityNVD Advisory· Published Sep 20, 2023· Updated Sep 6, 2024
Cross-site Scripting in M4 PDF plugin for Prestashop sites
CVE-2022-45448
Description
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.2.3
- Prestashop/M4 PDF pluginv5Range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.