Unrated severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024

Potential XSS in PrestaShop

CVE-2020-15161

Description

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

Affected products

Prestashop/Prestashopv5
Range: > 1.6.0.4, < 1.7.6.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PrestaShop/PrestaShop/commit/562a231fec18a928e4a601860416fe11af274672mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5cp2-r794-w37wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000