Progi1984

2 exploits Active since Jul 2020

CVE-2020-11074 WRITEUP MEDIUM WRITEUP

PrestaShop 1.5.3.0-1.7.6.6 - Stored Cross-Site Scripting via Quick Access Item Name

In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.

CVSS 5.4

View Code

CVE-2025-48882 WRITEUP HIGH WRITEUP

PHPOffice Math < 0.3.0 - XML External Entity Injection via libxml DTDLOAD Flag

PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.

View Code