Jump to content

Recommended Posts

The vulnerable code is found in the template file of the manufacturer block(modules\blockmanufacturer\blockmanufacturer.tpl), where in the following: <form action="{$smarty.server.SCRIPT_NAME}" method="get"> it is printed the current path of the script without checking if it contains any malicious code. In order to patch this vulnerability you have to replace the following: {$smarty.server.SCRIPT_NAME} with {$smarty.server.SCRIPT_NAME|escape:'htmlall':'UTF-8'} and after that empty the cache and compile folders inside tools\smarty\ and re-compile smarty from admin panel: Preferences -> Performance -> Tick yes for Force compile and No for Cache -> Save -> reload the default page of Prestashop -> put the Performance settings back to original -> Save -> Done


More details at : Prestashop XSS

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...