Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:27909
HistoryNov 17, 2020 - 5:16 a.m.

Cross-Site Scripting (XSS)

2020-11-1705:16:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
prestashop
productcomments
cross-site scripting
xss
remote attacker
arbitrary javascript
browser
parameters
application
content-type
server response
application/json
vulnerability
html
unescaped.

EPSS

0.001

Percentile

29.3%

JSON

prestashop/productcomments is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via various parameters within the application. The vulnerability exists as the content-type of the server response is not set to application/json, causing the browser to interpret the JSON response as HTML and render any unescaped HTML.

Related

osv 2
github 1
cvelist 1
cve 1
prion 1
veracode 1
nvd 1
osv
osv
CVE-2020-26225
2020-11-16 22:15:12
Reflected XSS with parameters in PostComment
2020-11-16 21:23:29
github
github
Reflected XSS with parameters in PostComment
2020-11-16 21:23:29
cvelist
cvelist
CVE-2020-26225 Reflected XSS in PrestaShop Product Comments
2020-11-16 21:35:13
cve
cve
CVE-2020-26225
2020-11-16 22:15:12
prion
prion
Design/Logic Flaw
2020-11-16 22:15:00
veracode
veracode
Cross-site Scripting (XSS)
2020-11-18 05:30:21
nvd
nvd
CVE-2020-26225
2020-11-16 22:15:12

EPSS

0.001

Percentile

29.3%

JSON
Related for VERACODE:27909
osv2github1cvelist1cve1prion1veracode1nvd1