CVE-2013-4792EUVD-2013-463714.02.2020, 00:15PrestaShop before 1.4.11 allows logout CSRF.CSRFEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary5.5 MEDIUMNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LBase ScoreCVSS 3.xEPSS ScorePercentile: 26%Affected Products (NVD)VendorProductVersionprestashopprestashop𝑥< 1.4.11𝑥= Vulnerable software versionsKnown Exploits!http://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.htmlhttp://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.htmlCommon Weakness EnumerationCWE-352 - Cross-Site Request Forgery (CSRF)The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Referenceshttp://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.htmlhttp://davidsopaslabs.blogspot.com/2013/07/prestashop-persistent-xss-and-csrf.html