First published: Tue Jan 02 2024
### Description
Some event attributes are not detected by the `isCleanHTML` method.

### Impact
Some modules using the `isCleanHTML` method could be vulnerable to XSS.

### Patches
8.1.3, 1.7.8.11

### Workarounds
The best workaround is to use the `HTMLPurifier` library to sanitize HTML input coming from users. The library is already available as a dependency in the PrestaShop project. Beware, though, that in legacy object models, fields of `HTML` type will call `isCleanHTML`.

### Reporters
Reported by Antonio Russo (@Antonio-R1 on GitHub) and Antonio Rocco Spataro (@antoniospataro on GitHub).

Credit: security-advisories@github.com

Affected Software | Affected Version | How to fix |
---|---|---|
composer/prestashop/prestashop | <1.7.8.11 | 1.7.8.11 |
composer/prestashop/prestashop | >=8.0.0-beta.1<8.1.3 | 8.1.3 |
Prestashop Prestashop | <1.7.8.11 | |
Prestashop Prestashop | >=8.0.0<8.1.3 | |
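
The workaround above recommends sanitizing user HTML with `HTMLPurifier` rather than relying on `isCleanHTML`. The following is an added example, not PrestaShop code or code from the advisory: it purifies input against an element and attribute allow-list, then re-parses the result to confirm that no `on*` attribute survived. The helper names `buildPurifier` and `findEventAttributes`, the allow-list and the sample inputs are assumptions made for illustration, and the script assumes `ezyang/htmlpurifier` is loadable through Composer's autoloader.

```php
<?php
// Added example, not PrestaShop code. Assumes ezyang/htmlpurifier is
// installed and loadable through Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

// Purifier with an explicit allow-list: elements and attributes that are
// not listed (including every on* event attribute) are dropped.
function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
    $config->set('Cache.DefinitionImpl', null); // no on-disk cache for this demo
    return new HTMLPurifier($config);
}

// Defence-in-depth check: re-parse the output and list any on* attributes.
function findEventAttributes(string $html): array
{
    libxml_use_internal_errors(true); // tolerate HTML fragments
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    libxml_clear_errors();
    $found = [];
    foreach ((new DOMXPath($doc))->query('//@*') as $attr) {
        if (stripos($attr->nodeName, 'on') === 0) {
            $found[] = $attr->nodeName;
        }
    }
    return $found;
}

// Constructed sample inputs using generic event attributes; they are not
// the specific attributes referred to by the advisory.
$samples = [
    '<p onclick="doSomething()">Product description</p>',
    '<a href="https://example.com/" onmouseover="doSomething()">link</a>',
    '<p><strong>Plain</strong> markup is kept.</p>',
];

$purifier = buildPurifier();
foreach ($samples as $dirty) {
    $clean = $purifier->purify($dirty);
    $left = findEventAttributes($clean);
    // A caller would reject the value if $left is non-empty; here we print it.
    printf("%s\n  -> %s\n  event attributes left: %s\n",
        $dirty, $clean, $left ? implode(', ', $left) : 'none');
}
```

In legacy object models, the purified string is the value to assign to `HTML`-type fields, since those fields are still validated with `isCleanHTML`.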