Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20992
HistoryDec 10, 2008 - 12:00 a.m.

Two XSS Flaws in PrestaShop 1.1.0.3

2008-12-1000:00:00
vulners.com
55
JSON

Affects PrestaShop 1.1.0.3
product: homepage: http://prestashop.com

This is XSS in the URI of PrestaShop. Trust no one, not even your $_SERVER[PHP_SELF] .

http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E

Add an item to the shoping cart and then vist this url:
http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E

Peace

JSON