Description

Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.

Remediation

References

CVE-2015-1175

Related Vulnerabilities

XWiki Insufficiently Protected Credentials Vulnerability (CVE-2022-41933)

WordPress Plugin VideoWhisper Video Conference Integration 'vw_upload.php' Arbitrary File Upload (4.51)

WordPress Plugin HUSKY-Products Filter Professional for WooCommerce Multiple Vulnerabilities (1.1.9)

WordPress Plugin Live Chat with Facebook Messenger Cross-Site Scripting (1.4.4)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3742)

Severity

Medium

Classification

CVE-2015-1175 CWE-707

Tags

Missing Update Known Vulnerabilities