Описание
PrestaShop XSS injection through Validate::isCleanHTML method
Impact
xss injection through isCleanHTML method
Patches
1.7.8.10 8.0.5 8.1.1
Found by
Aleksey Solovev (Positive Technologies)
Workarounds
References
Пакеты
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
= 8.1.0
8.1.1
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.0.5
8.0.5
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
< 1.7.8.10
1.7.8.10
Связанные уязвимости
CVSS3: 8.3
nvd
около 2 лет назад
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.