CVE-2008-6503

Prestashop - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by th3.r00k.ieatpork · textwebappsphp
https://www.exploit-db.com/exploits/32648
exploitdb WRITEUP VERIFIED
by th3.r00k.ieatpork · textwebappsphp
https://www.exploit-db.com/exploits/32647

References (3)

Scores

EPSS 0.0069
EPSS Percentile 71.5%

Classification

CWE
CWE-79
Status published

Affected Products (2)

prestashop/prestashop
n/a/n/a

Timeline

Published Mar 20, 2009
Tracked Since Feb 18, 2026