CVE-2025-1230

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 12, 2025

CWE ID 79

Summary

CVE-2025-1230 is a critical Stored Cross-Site Scripting (XSS) vulnerability affecting Prestashop version 8.1.7. The issue arises due to inadequate input validation for the 'link' parameter in '/<admin_directory>/index.php'. An attacker can exploit this flaw by sending a maliciously crafted query to an authenticated user, potentially stealing their cookie session details and gaining unauthorized access to their account. This vulnerability poses a significant risk and requires immediate patching to prevent potential data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PrestaShop

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3QfUIZ
https://www.cve.org/CVERecord?id=CVE-2025-1230
https://nvd.nist.gov/vuln/detail/CVE-2025-1230

Back to Vulnerability Database

CVE-2025-1230

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations