CVE-2020-15162

State: PUBLISHED · Published: 2020-09-24 · Updated: 2024-08-04 · Assigner: GitHub_M

Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

CWE

CWE-79 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

PrestaShop / PrestaShop — v=> 1.5.0.0, < 1.7.6.8 [affected]

CVSS

3.1 score=5.4 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References

https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8 x_refsource_MISC
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392 x_refsource_CONFIRM
https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf x_refsource_MISC

Source

cvelistV5-main/cves/2020/15xxx/CVE-2020-15162.json