How severe is CVE-2025-24027?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2025-24027?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-24027

MEDIUM Year: 2025

CVSS v3 Score

6.2

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. This can not be exploited in a fresh install of PrestaShop, only shops made vulnerable by third party modules are concerned. For example, if the shop has a third party module vulnerable to SQL injections, then ps_contactinfo might execute a stored cross-site scripting in formatting objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying a XSS stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and update.

CVE-2020-5317

MEDIUM

CVSS:6.2(Medium)

Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted appl...

CWE-792020

CVE-2020-6973

MEDIUM

CVSS:6.2(Medium)

Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (82002228_K 08/09/2018), bios Version 1.2. Multiple cross-site scripting vulnerabilities exist that could allow an attacker to cause a...

CWE-792020

CVE-2022-38802

MEDIUM

CVSS:6.2(Medium)

Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can re...

CWE-792022

CVE-2024-36064

MEDIUM

CVSS:6.2(Medium)

The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interac...

CWE-792024

CVE-2024-47863

MEDIUM

CVSS:6.2(Medium)

An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the use...

CWE-792024

CVE-2018-15641

MEDIUM

CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018

CVE-2025-24027

Vulnerability Description

Related Vulnerabilities

CVE-2020-5317

CVE-2020-6973

CVE-2022-38802

CVE-2024-36064

CVE-2024-47863

CVE-2018-15641