WEB APPLICATION VULNERABILITIES Standard & Premium

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4791)

Description

PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.

Remediation

References

Related Vulnerabilities

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login SQL Injection (5.0.2.1)

YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3004)

WordPress Plugin Front End Upload 'upload.php' Arbitrary File Upload (0.5.3)

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

Dot CMS Other Vulnerability (CVE-2022-26352)

Severity

Medium

Classification

CVE-2013-4791 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities