2 matches found
CVE-2023-25170 PrestaShop has possible CSRF token fixation
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery CSRF. When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to...
CVE-2023-25170
PrestaShop prior to version 8.0.1 is vulnerable to Cross-site request forgery (CSRF) due to CSRF tokens not being cleared on login, allowing potential session-fixation-like attacks by attackers with network access. Affected component is the authentication/session management flow; root cause is to...