3 matches found
BIT-PRESTASHOP-2023-30838 PrestaShop vulnerable to possible XSS injection through Validate::isCleanHTML method
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the ValidateCore::isCleanHTML method of Prestashop misses hijackable events which can lead to cross-site scripting XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS, which...
GHSA-FH7R-996Q-GVCP Possible XSS injection through Validate::isCleanHTML method
Impact ValidateCore::isCleanHTML method of Prestashop misses hijickable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as...
Possible XSS injection through Validate::isCleanHTML method
Impact ValidateCore::isCleanHTML method of Prestashop misses hijickable events which can lead to XSS injection, allowed by the presence of pre-setup @keyframes methods. This XSS which hijacks HTML attributes will be triggered without any interaction of the visitor/administrator which makes it as...