Thursday, August 30, 2012

HTB23091: PrestaShop 1.4.7-1.4.8 cross-site scripting vulnerabilities

PrestaShop versions 1.4.7, 1.4.8 and probably prior are vulnerable to cross-site scripting attacks. Information about this vulnerability was recently published (HTB23091) by High-Tech Bridge Security Research Lab.

The Cross-Site Scripting (XSS) vulnerability in PrestaShop (CVE-2012-2517) existed because input passed via the "product" POST parameter to the "ajax.php" script was not properly sanitised before being returned to the user. According to the Security Glossary, XSS (Cross-Site Scripting) is a web application vulnerability that allows an attacker to inject arbitrary HTML or scripting code into the web page content.
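The reflection pattern described above, next to its output-encoding fix, as an added example (this is not PrestaShop's code or the actual patch). The function names, the surrounding markup and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration: NOT PrestaShop's code. Function names are hypothetical.

// Vulnerable pattern: the POSTed "product" value is copied into the
// response unchanged, so any markup it contains is parsed by the browser.
function render_vulnerable(array $post): string
{
    $product = $post['product'] ?? '';
    return '<div class="product">' . $product . '</div>';
}

// Hardened pattern: encode for the HTML context at the point of output.
function render_hardened(array $post): string
{
    $product = $post['product'] ?? '';
    if (!is_string($product)) {
        // product[]=... arrives as an array; treat it as empty input.
        $product = '';
    }
    // ENT_QUOTES encodes both quote styles, so the value is also safe
    // inside a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8.
    $safe = htmlspecialchars($product, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="product">' . $safe . '</div>';
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'plain'  => ['product' => 'Blue T-shirt'],
    'markup' => ['product' => '<script>alert(1)</script>'],
    'quote'  => ['product' => '" onmouseover="x'],
];

foreach ($samples as $name => $post) {
    printf(
        "%-7s vulnerable: %s\n        hardened:   %s\n",
        $name,
        render_vulnerable($post),
        render_hardened($post)
    );
}
```

In the hardened output the `markup` sample appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays as text instead of executing.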

PrestaShop is the most reliable and flexible Free Open-source e-commerce software. Since 2007, PrestaShop has revolutionized the industry by providing features that engage shoppers and increase online sales.

The vulnerability has now been fixed; all users can update their installations to PrestaShop v1.4.9.

On High-Tech Bridge's Facebook page we can see that the article "XSS & CSRF: Exploitation pratique des vulnérabilités" was published by Hakin9 Magazine. I wish you pleasant reading.
