Security Advisory

CVE-2025-1230

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-12 10:38:08

Last updated 2025-02-12 16:07:33

Assigner INCIBE

State PUBLISHED

Description

Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

← Browse all CVEs View on cve.org ↗