VYPR
Unrated severityNVD Advisory· Published Sep 24, 2020· Updated Aug 4, 2024

Stored XSS in PrestaShop

CVE-2020-15162

Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Affected products

2
  • Prestashop/Prestashopllm-fuzzy2 versions
    >=1.5.0.0, <1.7.6.8+ 1 more
    • (no CPE)range: >=1.5.0.0, <1.7.6.8
    • (no CPE)range: > 1.5.0.0, < 1.7.6.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.