Description
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because CSRF tokens are therefore not cleared upon login, a same-site attacker might be able to bypass the CSRF protection mechanism by performing an attack similar to session fixation. The problem is fixed in version 8.0.1.
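A minimal model of the login behaviour described above, added here as an illustration and not taken from PrestaShop's code: it compares a login that preserves session attributes with one that discards the pre-login session and issues a fresh CSRF token. The in-memory store, the function names and the user name are assumptions made for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> attribute dict.
# Hypothetical model for illustration; not PrestaShop's session code.

def new_session(store):
    sid = secrets.token_hex(16)
    store[sid] = {"user": None, "csrf_token": secrets.token_hex(16)}
    return sid

def csrf_ok(store, sid, token):
    session = store.get(sid)
    if session is None:
        return False
    return hmac.compare_digest(session["csrf_token"], token)

def login_preserving(store, sid, user):
    """Behaviour described above: authenticate, keep every attribute."""
    store[sid]["user"] = user
    return sid

def login_hardened(store, sid, user):
    """Drop the pre-login session; issue a new id and a new CSRF token."""
    store.pop(sid, None)
    new_sid = new_session(store)
    store[new_sid]["user"] = user
    return new_sid

def pre_login_token_survives(login):
    """True if a token issued before login still validates afterwards."""
    store = {}
    sid = new_session(store)
    pre_login_token = store[sid]["csrf_token"]  # known before authentication
    sid_after = login(store, sid, "alice")      # constructed user name
    return csrf_ok(store, sid_after, pre_login_token)

if __name__ == "__main__":
    print("preserving login:", pre_login_token_survives(login_preserving))
    print("hardened login:  ", pre_login_token_survives(login_hardened))
```

A regression test for a login handler can assert the same property: no CSRF token or session identifier issued before authentication is accepted afterwards.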
Remediation
Upgrade to PrestaShop 8.0.1 or later.