Lucene search
K

4 matches found

OSV
OSV
added 2024/03/06 11:2 a.m.27 views

BIT-PRESTASHOP-2024-21628 XSS can be stored in DB from "add a message form" in order detail page (FO)

PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...

6.1CVSS5.5AI score0.00389EPSS
Exploits0References3
Prion
Prion
added 2024/01/02 10:15 p.m.18 views

Cross site scripting

PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...

5.8CVSS6.2AI score0.00389EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/06/24 3:15 p.m.18 views

CVE-2022-30119

XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-da...

6.1CVSS0.00847EPSS
Exploits0References3
Atlassian
Atlassian
added 2010/04/16 4:36 a.m.19 views

runportleterror.jsp contains XSS hole

The runportleterror.jsp contains an XSS attach vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...

2.2AI score
Exploits0Affected Software1
Rows per page
Query Builder