Summary
This host is running Prestashop and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
No solution or patch is available as of 18th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to https://www.prestashop.com
Insight
This flaw exists because the /modules/blocklayered/blocklayered-ajax.php script does not validate input to the 'layered_price_slider' parameter before returning it to users.
Affected
Prestashop version 1.6.0.9 and earlier.
Detection
Send a crafted HTTP GET request and check whether it is able to read the cookie or not.
Severity
Classification
CVE: CVE-2015-1175
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N