In PrestaShop, the open-source e-commerce platform, the isCleanHTML method did not detect some event attributes before versions 8.1.3 and 1.7.8.11. Modules that rely on isCleanHTML to protect against cross-site scripting (XSS) are therefore potentially vulnerable. Versions 8.1.3 and 1.7.8.11 include a fix. The recommended solution is to sanitize HTML input from users with the HTMLPurifier library, which is already a dependency of the PrestaShop project. Note, however, that fields of HTML type in legacy object models trigger the isCleanHTML method.

Updating to the latest version is strongly advised.
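
The HTMLPurifier recommendation above, sketched as an added example (not PrestaShop's or any module's own code): user HTML is rewritten against an allowlist instead of being checked by a validator, so an event attribute the validator does not know about is dropped anyway. The autoloader path, the function names, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a Composer autoloader that provides ezyang/htmlpurifier.
require_once __DIR__ . '/vendor/autoload.php';

// Hypothetical helper: build a purifier with a narrow allowlist.
function buildPurifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // No on-disk definition cache, so the example needs no writable directory.
    $config->set('Cache.DefinitionImpl', null);
    // Only these elements and attributes survive; event attributes are not listed.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href|title]');
    // Links may only use these URI schemes.
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);

    return new HTMLPurifier($config);
}

// Hypothetical helper: sanitize and report whether the input was changed.
// 'modified' can also be true for harmless markup normalization, so treat it
// as a signal worth logging, not as proof of an attack.
function sanitizeUserHtml(HTMLPurifier $purifier, string $dirty): array
{
    $clean = $purifier->purify($dirty);

    return ['html' => $clean, 'modified' => $clean !== $dirty];
}

// Constructed sample inputs, as a module might receive them from a form.
$samples = [
    '<p>Plain <strong>description</strong></p>',
    '<p onmouseover="track()">Hover text</p>',
    '<p>Text with <span data-x="1">unlisted markup</span></p>',
];

$purifier = buildPurifier();
foreach ($samples as $input) {
    $result = sanitizeUserHtml($purifier, $input);
    printf(
        "%s\n  -> %s%s\n",
        $input,
        $result['html'],
        $result['modified'] ? '  [modified]' : ''
    );
}
```

Because HTML fields in legacy object models still trigger isCleanHTML, run the sanitizing step before the value is assigned to such a field.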
