CVE-2012-6641

Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to "parameter names and values."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
prestashopprestashop
𝑥
≤ 1.4.7.1
prestashopprestashop
1.4.0.1
prestashopprestashop
1.4.0.2
prestashopprestashop
1.4.0.3
prestashopprestashop
1.4.0.4
prestashopprestashop
1.4.0.5
prestashopprestashop
1.4.0.6
prestashopprestashop
1.4.0.7
prestashopprestashop
1.4.0.8
prestashopprestashop
1.4.0.9
prestashopprestashop
1.4.0.10
prestashopprestashop
1.4.0.11
prestashopprestashop
1.4.0.12
prestashopprestashop
1.4.0.13
prestashopprestashop
1.4.0.14
prestashopprestashop
1.4.0.15
prestashopprestashop
1.4.0.16
prestashopprestashop
1.4.0.17
prestashopprestashop
1.4.1.0
prestashopprestashop
1.4.2.4
prestashopprestashop
1.4.2.5
prestashopprestashop
1.4.3.0
prestashopprestashop
1.4.4.0
prestashopprestashop
1.4.4.1
prestashopprestashop
1.4.5.1
prestashopprestashop
1.4.6.1
prestashopprestashop
1.4.6.2
prestashopprestashop
1.4.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/48036
http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2
http://www.securityfocus.com/bid/52962
https://exchange.xforce.ibmcloud.com/vulnerabilities/74773
http://secunia.com/advisories/48036
http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2
http://www.securityfocus.com/bid/52962
https://exchange.xforce.ibmcloud.com/vulnerabilities/74773