PT-2020-7509 · Tinymce+1 · Tinymce+1

David Sopas

Published

2020-02-13

Updated

2022-05-05

CVE-2013-4791

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.4.11

Description: The issue allows low-level profiles, such as Logistician and translators, to inject a persistent XSS vector on TinyMCE.

Recommendations: For versions prior to 1.4.11, update to version 1.4.11 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2013-4791

GHSA-CRPG-2MM2-JJQF

Prestashop

Tinymce