Description

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

Remediation

References

CVE-2008-6503

Related Vulnerabilities

WordPress Plugin SlideDeck 2 Lite Responsive Content Slider Cross-Site Scripting (2.3.18)

WordPress Plugin WP ERP-Complete WordPress Business Manager with HR, CRM & Accounting Systems for Small Businesses Cross-Site Request Forgery (1.6.3)

WordPress Plugin WP-reCAPTCHA Cross-Site Scripting (3.1.3)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)

WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)

Severity

Medium

Classification

CVE-2008-6503 CWE-707

Tags

Missing Update Known Vulnerabilities