Description
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
Remediation
References
Related Vulnerabilities
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
phpList Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2916)
WordPress Plugin Calendar Event Multi View Multiple Vulnerabilities (1.1.4)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)