Description
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10890)
WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1)
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
Oracle Application Server Other Vulnerability (CVE-2007-0286)