Description
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10202)
WordPress Plugin GD Star Rating 'de' Parameter SQL Injection (1.9.10)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)
WebLogic CVE-2018-3201 Vulnerability (CVE-2018-3201)
WordPress Plugin Integration for Contact Form 7 and Pipedrive Cross-Site Scripting (1.0.9)