Description

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

Remediation

References

CVE-2008-6503

Related Vulnerabilities

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)

Moodle Improper Input Validation Vulnerability (CVE-2012-1168)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-47184)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2141)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3271)

Severity

Medium

Classification

CVE-2008-6503 CWE-707

Tags

Missing Update Known Vulnerabilities