4 matches found
CVE-2023-30838
creationtimestamp| type| source ---|---|--- 2023-04-25 22:25:27+00:00| seen| https://t.me/cibsecurity/62840 2023-04-27 19:58:34+00:00| seen| https://t.me/truesecator/4331...
CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...
CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...
CVE-2023-30838
PrestaShop suffers a XSS vulnerability (CVE-2023-30838) where ValidateCore::isCleanHTML() misses hijackable events, allowing attribute hijacking via pre-setup @keyframes. Affected versions are prior to 8.0.4 and 1.7.8.9. The issue can be triggered without user interaction, potentially impacting a...