Description

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

Remediation

References

CVE-2008-6503

Related Vulnerabilities

qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8390)

Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability (CVE-2018-20843)

WordPress Plugin Login with Cognito Cross-Site Scripting (1.4.3)

WebLogic CVE-2020-2828 Vulnerability (CVE-2020-2828)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8138)

Severity

Medium

Classification

CVE-2008-6503 CWE-707

Tags

Missing Update Known Vulnerabilities