Description

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

Remediation

References

CVE-2008-6503

Related Vulnerabilities

Jenkins Improper Input Validation Vulnerability (CVE-2017-1000401)

OpenSSL Other Vulnerability (CVE-2014-3505)

MySQL CVE-2021-2213 Vulnerability (CVE-2021-2213)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1948)

osCommerce Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-27976)

Severity

Medium

Classification

CVE-2008-6503 CWE-707

Tags

Missing Update Known Vulnerabilities