An issue is discovered in PrestaShop version 1.7.6.7 under the Catalog feature when using the file-upload functionality for uploading the Files for various products. This issue exists because it fails to implement file content checks and improperly handles the output, resulting in a cross-site scripting attack that leads to cookie stealing or malicious actions.
Steps to Reproduce
1. Go to Catalog feature
2. Click on File component and add the details accordingly.
3. Create a file with .html extension and enter the payload <script>alert('XSS!!');</script> within it. (Here it's uplod.html)
4. Upload the file
5. Login as customer and click on the file uploaded for the particular product.
Am I wrong if I guess that you had a look at our newly opened bug bounty and that you found this while bug hunting, but since the CVSS score is low, you reported it here?
This is something we already received on the Bug Bounty program.
Unfortunately, this is not a security issue, as we allow uploading any file we want (it's the same for SVG files); any user who is an admin employee can upload this kind of file, just as he's able to upload a module or a theme with compromised data.
CVSS Score:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
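The report turns on two points: the upload is not checked for active content, and the file is rendered in the shop's origin when a customer opens it. The following is an added example, not PrestaShop code and not part of the thread, of both controls in a generic form: a content check for browser-renderable markup and response headers that force a download. The function names, the marker list and the sample inputs are assumptions made for illustration; the HTML sample reuses the payload quoted in the report.

```python
import re

# Extensions that browsers render as active content when served inline (assumed list).
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".xml"}

# Markup that makes a file scriptable regardless of its extension.
# Heuristic only: the response headers below are the control that actually holds.
ACTIVE_MARKERS = re.compile(
    rb"<\s*(script|svg|html|iframe|object|embed)\b"  # scriptable elements
    rb"|<[^>]+\son\w+\s*="                           # inline event handlers inside a tag
    rb"|javascript:",                                # javascript: URLs
    re.I,
)


def is_active_content(filename: str, data: bytes) -> bool:
    """True if the upload could run script when opened in the site's origin."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    # Inspect only the leading bytes, roughly what a sniffing browser looks at.
    return ext in ACTIVE_EXTENSIONS or bool(ACTIVE_MARKERS.search(data[:4096]))


def download_headers(filename: str) -> dict:
    """Headers that make the browser save the file instead of rendering it."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "download"
    return {
        "Content-Type": "application/octet-stream",      # never text/html
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",             # no MIME sniffing
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


def review_upload(filename: str, data: bytes) -> dict:
    """Decision record for one upload: flag it, and always serve it as a download."""
    return {"flagged": is_active_content(filename, data),
            "headers": download_headers(filename)}


# Constructed sample inputs; the first is the file described in the report.
SAMPLES = [
    ("uplod.html", b"<script>alert('XSS!!');</script>"),
    ("notes.txt", b"<ScRiPt>1</script>"),
    ("manual.pdf", b"%PDF-1.4\n"),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, review_upload(name, body)["flagged"])
```

Serving every attachment with these headers keeps the file out of the shop's origin even when the content check misses a variant.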