Description
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin Form Builder-Create Responsive Contact Forms Cross-Site Scripting (1.9.8.4)
WordPress Plugin Custom 404 Pro Cross-Site Scripting (3.2.8)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-36160)
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.9.7)