CVE-2012-20001

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 1.5.2

Description The issue allows for cross-site scripting (XSS) attacks via the <object data='data:text/html substring in the message field. This enables potential attackers to inject malicious scripts into the website.

Recommendations For PrestaShop versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting user input in the message field to prevent the injection of malicious scripts.