Description

Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.

Remediation

References

CVE-2015-1175

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2006-4937)

WordPress Plugin Flexible Captcha Security Bypass (4.0)

PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17082)

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.1)

Severity

Medium

Classification

CVE-2015-1175 CWE-707

Tags

Missing Update Known Vulnerabilities