Description
Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.
Remediation
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14885)
Moodle Improper Input Validation Vulnerability (CVE-2012-1168)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2141)
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3271)