Description
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
Remediation
References
Related Vulnerabilities
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)
Oracle Database Server CVE-2006-1875 Vulnerability (CVE-2006-1875)
Plone CMS Other Vulnerability (CVE-2006-1711)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2432)
WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)