CVE-2018-5681
https://notcve.org/view.php?id=CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. PrestaShop 1.7.2.4 tiene XSS mediante la edición de código fuente en la pantalla "Pages > Edit page". • http://forge.prestashop.com/browse/BOOM-4612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-5682
https://notcve.org/view.php?id=CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message. PrestaShop 1.7.2.4 permite la enumeración de usuarios mediante la característica Reset Password, al notar qué intentos de restablecimiento no producen un mensaje de error "This account does not exist". • http://forge.prestashop.com/browse/BOOM-4613 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •