Unrated severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024

Stored XSS in PrestaShop

CVE-2020-15162

Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Affected products

Prestashop/Prestashopv5
Range: > 1.5.0.0, < 1.7.6.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cfmitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000