Description
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
Remediation
References