
26 matches found

EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2024-0457

Malicious code in bioql PyPI...

8.1 CVSS · 6.8 AI score · 0.0095 EPSS
Exploits 0 · References 7

OSV
added 2024/03/06 11:4 a.m. · 19 views

BIT-PRESTASHOP-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method

PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...

9.9 CVSS · 8.4 AI score · 0.01375 EPSS
Exploits 2 · References 4

OSV
added 2024/03/06 11:2 a.m. · 9 views

BIT-PRESTASHOP-2024-21627 Some attribute not escaped in Validate::isCleanHTML method

PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...

8.1 CVSS · 6.5 AI score · 0.0095 EPSS
Exploits 0 · References 4

CNVD
added 2024/01/08 12:0 a.m. · 6 views

PrestaShop cross-site scripting vulnerability (CNVD-2024-03224)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop versions prior to 8.1.3. Th...

6.1 CVSS · 5.7 AI score · 0.00384 EPSS
Exploits 0 · References 1

Github Security Blog
added 2024/01/03 9:48 p.m. · 18 views

PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)

Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to Twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...

6.1 CVSS · 7 AI score · 0.00384 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/01/03 9:41 p.m. · 13 views

GHSA-XGPM-Q3MQ-46RQ PrestaShop some attribute not escaped in Validate::isCleanHTML method

Description: Some event attributes are not detected by the isCleanHTML method. Impact: Some modules using the isCleanHTML method could be vulnerable to XSS. Patches: 8.1.3, 1.7.8.11. Workarounds: The best workaround is to use the HTMLPurifier library to sanitize HTML input coming from users. The library...

8.1 CVSS · 6.8 AI score · 0.0095 EPSS
Exploits 0 · References 7

Veracode
added 2024/01/03 6:16 a.m. · 19 views

Cross-site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-Site Scripting. The vulnerability is due to the isCleanHtml function within Validate.php because it does not adequately identify and filter out HTML attributes and Unicode characters, which allows an attacker to inject malicious scripts, leading to...

8.1 CVSS · 6.5 AI score · 0.0095 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/01/02 9:3 p.m. · 5 views

CVE-2024-21627 Some attribute not escaped in Validate::isCleanHTML method

PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...

8.1 CVSS · 7.6 AI score · 0.0095 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/02 12:0 a.m. · 1 views

PrestaShop cross-site scripting vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop versions prior to 8.1.3. Th...

6.1 CVSS · 6 AI score · 0.00384 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/01/02 12:0 a.m. · 2 views

PT-2024-18978 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.3 PrestaShop versions prior to 1.7.8.11 Description: PrestaShop is an open-source e-commerce platform. Some event attributes are not detected by the isCleanHTML method, which could make some modules using this...

8.1 CVSS · 6.1 AI score · 0.0095 EPSS
Exploits 0 · References 14

Github Security Blog
added 2023/08/09 2:37 p.m. · 41 views

PrestaShop XSS injection through Validate::isCleanHTML method

Impact xss injection through isCleanHTML method Patches 1.7.8.10 8.0.5 8.1.1 Found by Aleksey Solovev Positive Technologies Workarounds References...

8.3 CVSS · 7.4 AI score · 0.01896 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/08/09 2:37 p.m. · 23 views

GHSA-XW2R-F8XV-C8XP PrestaShop XSS injection through Validate::isCleanHTML method

Impact xss injection through isCleanHTML method Patches 1.7.8.10 8.0.5 8.1.1 Found by Aleksey Solovev Positive Technologies Workarounds References...

8.3 CVSS · 7.1 AI score · 0.01896 EPSS
Exploits 0 · References 4

Veracode
added 2023/08/09 8:44 a.m. · 18 views

Cross-site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to missing restricted html tags in the isCleanHTML method of Validate.php which allows an attacker to inject and execute malicious Javascript...

8.3 CVSS · 6.5 AI score · 0.01896 EPSS
Exploits 0 · References 4 · Affected Software 1

Prion
added 2023/08/07 9:15 p.m. · 14 views

Cross site scripting

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

5.8 CVSS · 6 AI score · 0.01896 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/08/07 8:32 p.m. · 14 views

CVE-2023-39527 PrestaShop XSS vulnerability through Validate::isCleanHTML method

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

8.3 CVSS · 6.1 AI score · 0.01896 EPSS
Exploits 0 · References 2

Cvelist
added 2023/08/07 8:32 p.m. · 15 views

CVE-2023-39527 PrestaShop XSS vulnerability through Validate::isCleanHTML method

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the isCleanHTML method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds...

8.3 CVSS · 8.1 AI score · 0.01896 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/08/07 12:0 a.m. · 1 views

PT-2023-26998 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.8.10 PrestaShop versions prior to 8.0.5 PrestaShop versions prior to 8.1.1 Description: PrestaShop is an open source e-commerce web application. The issue concerns cross-site scripting through the isCleanHTML...

8.3 CVSS · 6.3 AI score · 0.01896 EPSS
Exploits 0 · References 11

CNNVD
added 2023/08/07 12:0 a.m. · 1 views

PrestaShop Security Breach

PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop, which stems from a cross-site scripting XSS vulnerability in the isCleanHTML...

8.3 CVSS · 5.8 AI score · 0.01896 EPSS
Exploits 0 · References 3

OSV
added 2023/04/25 7:47 p.m. · 24 views

GHSA-FH7R-996Q-GVCP Possible XSS injection through Validate::isCleanHTML method

Impact: ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as...

8 CVSS · 8.7 AI score · 0.01375 EPSS
Exploits 2 · References 7

Github Security Blog
added 2023/04/25 7:47 p.m. · 34 views

Possible XSS injection through Validate::isCleanHTML method

Impact: ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as...

9.9 CVSS · 8.4 AI score · 0.01375 EPSS
Exploits 2 · References 7 · Affected Software 1