The vulnerable code is in the template file of the manufacturer block (modules\blockmanufacturer\blockmanufacturer.tpl), in the following line:

<form action="{$smarty.server.SCRIPT_NAME}" method="get">

Here the template prints the current path of the script without checking whether it contains any malicious code.

To patch this vulnerability, replace

{$smarty.server.SCRIPT_NAME}

with

{$smarty.server.SCRIPT_NAME|escape:'htmlall':'UTF-8'}

After that, empty the cache and compile folders inside tools\smarty\ and re-compile Smarty from the admin panel:

1. Go to Preferences -> Performance.
2. Tick Yes for Force compile and No for Cache, then Save.
3. Reload the default page of Prestashop.
4. Put the Performance settings back to their original values and Save.
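The following check is an added example, not part of the original post or of Prestashop. It lists templates that still print a $smarty.server value without an escape modifier and applies the replacement described above. It generalizes from SCRIPT_NAME to any $smarty.server.* tag; the function names and the sample template are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# A Smarty tag that prints a $smarty.server.* value; group 2 holds any modifiers.
TAG = re.compile(r"\{\s*\$smarty\.server\.(\w+)((?:\|[^}]*?)?)\s*\}")
FIX = "|escape:'htmlall':'UTF-8'"  # modifier given in the advisory

def find_unescaped(text):
    """Return (line_no, tag) for each $smarty.server.* tag with no escape modifier."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in TAG.finditer(line):
            if "escape" not in m.group(2):
                hits.append((no, m.group(0)))
    return hits

def patch(text):
    """Append the escape modifier to every unescaped tag; escaped tags are untouched."""
    def repl(m):
        if "escape" in m.group(2):
            return m.group(0)
        return "{$smarty.server." + m.group(1) + m.group(2) + FIX + "}"
    return TAG.sub(repl, text)

def scan_tree(root):
    """Scan every .tpl file under root; return {path: hits} for files with findings."""
    report = {}
    for tpl in Path(root).rglob("*.tpl"):
        hits = find_unescaped(tpl.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(tpl)] = hits
    return report

# Constructed sample: line 1 is the form tag from the advisory, line 2 is an
# already-escaped tag made up to show that it is left alone.
SAMPLE = (
    '<form action="{$smarty.server.SCRIPT_NAME}" method="get">\n'
    "<a href=\"{$smarty.server.REQUEST_URI|escape:'htmlall':'UTF-8'}\">reload</a>\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. the shop's modules directory
        for path, hits in scan_tree(sys.argv[1]).items():
            for no, tag in hits:
                print(f"{path}:{no}: unescaped {tag}")
    else:
        print(find_unescaped(SAMPLE))
        print(patch(SAMPLE))
```

Run it against the modules directory before and after editing the template; the cache and compile folders still have to be emptied for the change to take effect.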
More details at: Prestashop XSS