logo

Database

Reflected cross-site scripting (XSS) In prestashop/prestashop

Description

PrestaShop XSS Vulnerability PrestaShop before 1.5.2.0 allows XSS via the <object data='data:text/html substring in the message field.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2012-200012. NVD-2012-200013. OSV-2012-200014. GCVE-2012-20001

References

1. https://seclists.org/bugtraq/2012/Nov/12. https://web.archive.org/web/20140803034142/http://forge.prestashop.com/browse/PSCFV-52043. https://web.archive.org/web/20160305224628/http://davidsopas.com/labs/prestashop_xss.txt

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.