CVE-2012-2517

MEDIUM

PrestaShop <1.4.9 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · htmlwebappsphp

https://www.exploit-db.com/exploits/37684

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://www.htbridge.com/advisory/HTB23091

[Release Notes, Vendor Advisory] https://www.prestashop.com/download/old/changelog_1.4.9.0.txt

Scores

CVSS v3 6.1

EPSS 0.0086

EPSS Percentile 75.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

prestashop/prestashop < 1.4.9.0

Published Feb 11, 2020

Tracked Since Feb 18, 2026