Lucene search
Veracode Vulnerability DatabaseVERACODE:40522HistoryMay 15, 2023 - 5:25 a.m.
Cross-Site Scripting (XSS)
2023-05-1505:25:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
prestashop
cross-site scripting
xss
event sanitization
validate.php
arbitrary javascript
0.002 Low
EPSS
Percentile
58.6%
prestashop/prestashop is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of event sanitization in the $events parameter of Validate.php which allows an attacker to inject and execute arbitrary JavaScript into the browser.
References
github.com/advisories/GHSA-fh7r-996q-gvcp
github.com/PrestaShop/PrestaShop/commit/46408ae4b02f3b8b1bb6e9dc63af5bcd858abd9c
github.com/PrestaShop/PrestaShop/commit/dc682192df0e4b0d656a8e645b29ca1b9dbe3693
github.com/PrestaShop/PrestaShop/releases/tag/1.7.8.9
github.com/PrestaShop/PrestaShop/releases/tag/8.0.4
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fh7r-996q-gvcp
Related
cve
cve
CVE-2023-30838
2023-04-25 19:15:11
osv
osv
CVE-2023-30838
2023-04-25 19:15:11
BIT-prestashop-2023-30838
2024-03-06 11:04:42
Possible XSS injection through Validate::isCleanHTML method
2023-04-25 19:47:05
prion
prion
Cross site scripting
2023-04-25 19:15:00
github
github
Possible XSS injection through Validate::isCleanHTML method
2023-04-25 19:47:05
nvd
nvd
CVE-2023-30838
2023-04-25 19:15:11
cvelist
cvelist