Guideline to submit a complete new PrestaShop module CVE

If the vulnerability is NOT already public, please contact security/at/friendsofpresta.org
Don't publish a Pull Request as long as you received your CVE-ID

Go to the CVE request form
Select a request type: Report Vulnerability/Request CVE ID
Fill your email
Enter a PGP Key (to encrypt): (optional)
Number of vulnerabilities reported or IDs requested (1-10): 1
Accept conditions
Vulnerability type: (choose the type closest to your request)
Vendor of the product(s): (author of the module)
Affected product(s)/code base:
1. (module folder name)
2. (affected versions)
Has vendor confirmed or acknowledged the vulnerability?: (If you contacted the vendor about the vulnerability does he responded to you ? )
1. {règles à définir en délai d'attente + nb de relances ?}
Attack type: (in most cases Local. If XSS prefer Physical)
Impact: (XSS,SQL Injection in most cases Code Excecution and Escalation of Privileges . Other case Information Disclosure and/or Other)
Affected components: (list all sensitive files)
Attack vector(s): (example curl -v 'https://preprod.XXX/modules/impactedmodule/ajax.php?token=\'.die("22")')
Suggested description of the vulnerability for use in the CVE info: (you can fill it with text and description of your advisory file)
Discoverer(s)/Credits: (keep empty)
Reference(s): (Links about the module. Module page would be the best but the domain of creator's module website could be good too)
Additional information: (optional)
Submit

After you received your CVE-ID go to the CVE request form
Select a request type: Notify CVE about a publication
Fill your email
Enter a PGP Key (to encrypt): (optional)
Link to the advisory: (the fop page url about your CVE or your own website article/post)
CVE IDs of vulnerabilities to be published: (list of associated CVE-ID)
Additional information and CVE ID description updates: (explain why you do this update)
Date published (e.g., mm/dd/yyyy): (optional)
Submit

Provide feedback