CVE-2011-4544 – PrestaShop 1.4.4.1 - '/admin/ajaxfilemanager/ajax_save_text.php' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4544

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php. Varias vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Prestashop antes de v1.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) la dirección o (2) el parámetro relativ_base_dir a modules/mondialrelay/googlemap.php; tambien con los parámetros (3) relativ_base_dir, (4) Pays (5), Ville, (6) CP, (7) Poids, (8) Action, o (9) num para prestashop/modules/mondialrelay/googlemap.php; También el parámetro (10) num_mode a modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) el parámetro de la expedición a modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php, o los parámetros (12) folder o (13) name a admin/ajaxfilemanager/ajax_save_text.php. • https://www.exploit-db.com/exploits/36344 https://www.exploit-db.com/exploits/36342 https://www.exploit-db.com/exploits/36343 https://www.exploit-db.com/exploits/36341 http://www.securityfocus.com/bid/50784 https://www.dognaedis.com/vulns/DGS-SEC-5.html https://www.dognaedis.com/vulns/DGS-SEC-6.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •