Cross-site Scripting (XSS) - Generic in thirtybees/thirtybees

Valid

Reported on Nov 24th 2020


Description

Thirty bees is a mature e-commerce solution which started as a fork of PrestaShop 1.6.1.11 and is still compatible with (almost) all PS 1.6 modules. Its focus is on stability, correctness and reliability of the rich feature set, to allow merchants to focus on growing their business. This package is vulnerable to Stored Cross-Site Scripting (XSS).

https://github.com/thirtybees/thirtybees

Steps To Reproduce & POC

gdrive

Impact

An attacker can run any JavaScript payload.
