Description

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

Remediation

References

CVE-2018-13784

Related Vulnerabilities

WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.1.5)

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'mosmsg' and 'option' Parameters Cross-Site Scripting Vulnerabilities (3.0)

Oracle Database Server CVE-2019-2484 Vulnerability (CVE-2019-2484)

Severity

Critical

Classification

CVE-2018-13784 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities