logo

Database

OS Command Injection In prestashop/prestashop

Description

PrestaShop XSS injection through Validate::isCleanHTML method

Impact

xss injection through isCleanHTML method

Patches

1.7.8.10 8.0.5 8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-395272. NVD-2023-395273. OSV-2023-395274. GHSA-xw2r-f8xv-c8xp5. GCVE-2023-39527

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xw2r-f8xv-c8xp2. https://github.com/PrestaShop/PrestaShop/commit/afc14f8eaa058b3e6a20ac43e033ee2656fb88b4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.