Cross site scripting

2020-02-1400:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.

CPENameOperatorVersion
prestashoplt1.4.11

CPE	Name	Operator	Version
	prestashop	lt	1.4.11

References

davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html