logo

Database

Server side cross-site scripting In prestashop/prestashop

Description

PrestaShop Stored Cross-Site Scripting Vulnerability PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2013-47912. NVD-2013-47913. OSV-2013-47914. GCVE-2013-4791

References

1. http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.