Format standardization for Product and Impacted release fields

Open: prestaalba opened this issue 5 months ago • 1 comment

Some report data could be standardized for better organization. Here is the complete list of issues found related to modules, for example Product names in capital letters or not allowed chars, Impacted release field with multiple structures. My comments for each case in italics:

Product: creativepopup Impacted release: <= 1.6.9 (1.6.10 fixed the vulnerability) _double spaces_

Product: sitologapplicationconnect Impacted release: <= 7.8.a (ALL VERSIONS) _incorrect version value_

Product: opartmultihtmlblock and multihtmlblock* sub-modules _incorrect module name values, could be better comma separated or individual reports for each one (like in the case of jms modules)?_ Impacted release: For opartmultihtmlblock <= 2.0.11 (Fixed in 2.0.12), for multihtmlblock* : = 1.0.0 _incorrect version value_

Product: simpleimportproduct Impacted release: _incorrect version value_

Product: SimpleImportProduct / UpdateProducts _incorrect module name value_ Impacted release: < 6.4.0 / < v3.8.1 _incorrect version range value_

Product: ajaxmanager Impacted release: All versions (No fix provided. Still vulnerable in the latest version 2.3.0) _incorrect version range value_

Product: payplug Impacted release: 3.6.0,3.6.1,3.6.2,3.6.3,3.7.0,3.7.1 (fixed in 3.8.2) _incorrect version range value_

Product: envoimoinscher Impacted release: > 3.1.10,<= 3.3.8 (latest version, not fixed, deprecated module to remove or to replac _incorrect version range value_

Product: leocustomajax Impacted release: = 1.0 (May also be identified as 1.0.0) _incorrect version number value_

Product: cityautocomplete Impacted release: PS 1.5/1.6 : < 1.8.12 (fixed in version 1.8.12), PS 1.7 : < 2.0.3 (fixed in vers _incorrect version range value_

Product: King-Avis _incorrect module name value_ Impacted release: < 17.3.15

Product: scfixmyprestashop Impacted release: ALL VERSIONS _incorrect version value_

Product: shoppingfeed Impacted release: from 1.4.0 to 1.8.2 (1.8.3 fix the issue). _incorrect version range value_

Product: eo_tags Impacted release: >= 1.2.0, < 1.4.19 (1.4.19 fixed the vulnerability) _incorrect version range value_

Product: jmsblog Impacted release: at least 2.5.5 and 2.5.6 _incorrect version range value_

Product: jmsmegamenu Impacted release: at least 1.1.x and 2.0.x _incorrect version range value_

Product: jmspagebuilder Impacted release: at least 3.x _incorrect version range value_

Product: jmsslider Impacted release: at least 1.6.0 _incorrect version range value_

Product: jmsthemelayout Impacted release: at least 2.5.5 _incorrect version range value_

Product: jmsvermegamenu Impacted release: at least 1.1.x and 2.0.x _incorrect version range value_

Product: stripejs (*) _incorrect module name value_ Impacted release: < 4.5.5 (4.5.5 fixed the vulnerability)

Product: totadministrativemandate Impacted release: >= 1.2.1, < 1.7.2 _incorrect version range value_

Product: correosoficial Impacted release: >= 1.1.0, < 1.2.0 _incorrect version range value_

Product: lgcookieslaw Impacted release: >= 1.5.0, < 2.1.3 (2.1.3 fixed the vulnerability) _incorrect version range value_

Product: NdkAdvancedCustomizationFields _incorrect module name value_ Impacted release: <= 3.5.0

Product: SmartBlog _incorrect module name value_ Impacted release: < 4.0.6

prestaalba, Jan 08 '24 19:01
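A lint check for the two fields discussed in the issue above, as an added example that is not part of the original post or the repository's own tooling. The accepted formats (lowercase module name; one comparison operator, an `X.Y.Z` version and an optional parenthesised note) are assumptions inferred from the entries the issue leaves unflagged, and `lint` and `SAMPLES` are hypothetical names.

```python
import re

# Assumed target formats: the issue does not define them, they are inferred
# from the entries it lists without a comment on that field.
PRODUCT_RE = re.compile(r"[a-z0-9_]+")
RELEASE_RE = re.compile(r"(<=|<|>=|>|=) \d+\.\d+\.\d+(?: \(.+\))?")

BAD_PRODUCT = "product: not a lowercase module name"
BAD_SPACING = "release: irregular whitespace"
BAD_RELEASE = "release: not '<op> X.Y.Z (optional note)'"


def lint(product, release):
    """Return the list of findings for one advisory's two fields."""
    findings = []
    if not PRODUCT_RE.fullmatch(product):
        findings.append(BAD_PRODUCT)
    # Check spacing separately so a stray double space is reported as such
    # and does not hide (or get reported as) a structural problem.
    normalized = " ".join(release.split())
    if normalized != release:
        findings.append(BAD_SPACING)
    if not RELEASE_RE.fullmatch(normalized):
        findings.append(BAD_RELEASE)
    return findings


# Field values taken from the issue; the double space in the first entry is
# reconstructed for illustration, and the last entry is a constructed clean one.
SAMPLES = [
    ("creativepopup", "<= 1.6.9  (1.6.10 fixed the vulnerability)"),
    ("King-Avis", "< 17.3.15"),
    ("stripejs (*)", "< 4.5.5 (4.5.5 fixed the vulnerability)"),
    ("payplug", "3.6.0,3.6.1,3.6.2,3.6.3,3.7.0,3.7.1 (fixed in 3.8.2)"),
    ("leocustomajax", "= 1.0 (May also be identified as 1.0.0)"),
    ("eo_tags", ">= 1.2.0, < 1.4.19 (1.4.19 fixed the vulnerability)"),
    ("scfixmyprestashop", "ALL VERSIONS"),
    ("examplemodule", "< 1.2.3 (1.2.3 fixed the vulnerability)"),
]

if __name__ == "__main__":
    for product, release in SAMPLES:
        print(f"{product!r:22} {lint(product, release) or 'ok'}")
```

Run in CI over each advisory's metadata, a check of this kind keeps the fields machine-comparable, so a shop's installed module versions can be matched against advisories without hand-parsing free text.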