CVE-2013-4791

PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type Values Removed Values Added
References () http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html - Exploit, Third Party Advisory () http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html - Exploit, Third Party Advisory

Information

Published : 2020-02-14 00:15

Updated : 2024-11-21 01:56


NVD link : CVE-2013-4791

Mitre link : CVE-2013-4791

CVE.ORG link : CVE-2013-4791


JSON object : View

Products Affected

prestashop

  • prestashop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')