Headline
GHSA-xw2r-f8xv-c8xp: PrestaShop XSS injection through Validate::isCleanHTML method
Impact
xss injection through isCleanHTML method
Patches
1.7.8.10 8.0.5 8.1.1
Found by
Aleksey Solovev (Positive Technologies)
Workarounds
References
PrestaShop XSS injection through Validate::isCleanHTML method
High severity GitHub Reviewed Published Aug 7, 2023 in PrestaShop/PrestaShop • Updated Aug 9, 2023
Related news
CVE-2023-39527: New possible XSS injection through Validate::isCleanHTML method
PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.