First published: Thu Feb 13 2020
PrestaShop before 1.4.11 allows Logistician, translators and other low-level profiles/accounts to inject a persistent XSS vector on TinyMCE.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | <1.4.11 |
CVE-2013-4791 is a vulnerability in PrestaShop before version 1.4.11 that allows Logistician, translators, and other low-level profiles/accounts to inject a persistent XSS vector on TinyMCE.
CVE-2013-4791 affects PrestaShop versions before 1.4.11, allowing certain profiles/accounts to inject a persistent XSS vector on TinyMCE.
The severity of CVE-2013-4791 is medium with a CVSS score of 5.4.
To fix CVE-2013-4791 in PrestaShop, it is recommended to upgrade to version 1.4.11 or later.
More information about CVE-2013-4791 can be found at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2013-4791), [Blog Post](http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html), [GitHub Advisory](https://github.com/advisories/GHSA-crpg-2mm2-jjqf).