CVE-2012-20001 Information
Jun 07, 2022
cve
Description
PrestaShop before 1.5.2 allows XSS via the <object data=‘data:text/html\ substring in the message field.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://seclists.org/bugtraq/2012/Nov/1
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: