Lucene search
+L

4 matches found

Circl
Circl
added 2023/04/25 10:25 p.m.7 views

CVE-2023-30838

creationtimestamp| type| source ---|---|--- 2023-04-25 22:25:27+00:00| seen| https://t.me/cibsecurity/62840 2023-04-27 19:58:34+00:00| seen| https://t.me/truesecator/4331...

9.9CVSS8.7AI score0.01037EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/04/25 6:22 p.m.35 views

CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...

8.5CVSS8.7AI score0.01037EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/04/25 6:22 p.m.11 views

CVE-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...

8.5CVSS5.2AI score0.01037EPSS
Exploits2References3
CVE
CVE
added 2023/04/25 6:22 p.m.133 views

CVE-2023-30838

PrestaShop suffers a XSS vulnerability (CVE-2023-30838) where ValidateCore::isCleanHTML() misses hijackable events, allowing attribute hijacking via pre-setup @keyframes. Affected versions are prior to 8.0.4 and 1.7.8.9. The issue can be triggered without user interaction, potentially impacting a...

9.9CVSS8.5AI score0.01037EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder