PrestaShop is an e-commerce solution which is free and open source. It supports payment gateways such as Google Checkout, Authorize.net, Skrill, PayPal and Payments Pro via API. Further payment modules are offered commercially.
Sow Ching Shiong, an independent vulnerability researcher, has identified a Cross-Site Scripting vulnerability in PrestaShop. This issue was discovered in a default installation of PrestaShop 1.3.3. Other earlier versions may also be affected.
Proof of concept
Update to version 1.3.4 or later.
Vendor URL: http://www.prestashop.com/en/developers-versions/changelog/126.96.36.199
2010-12-06 - Vulnerability discovered.
2010-12-06 - Vulnerability reported to Secunia.
2010-12-10 - Secunia confirmed the vulnerability and contacted the vendor.
2010-12-22 - Patch released.
2010-12-22 - Advisory published by Secunia.