VYPR
Unrated severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024

Potential XSS in PrestaShop

CVE-2020-15161

Description

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

Affected products

2
  • Prestashop/Prestashopllm-fuzzy2 versions
    >=1.6.0.4, <1.7.6.8+ 1 more
    • (no CPE)range: >=1.6.0.4, <1.7.6.8
    • (no CPE)range: > 1.6.0.4, < 1.7.6.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.