Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-4544 - Vulnerability Database
PrestaShop

PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-4544

Medium
Reference: CVE-2011-4544
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-4544
Title: PrestaShop Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php the (3) relativ_base_dir (4) Pays (5) Ville (6) CP (7) Poids (8) Action or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.