VYPR
Unrated severity · NVD Advisory · Published Apr 20, 2020 · Updated Aug 4, 2024

Reflected XSS on AdminAttributesGroups page of PrestaShop

CVE-2020-5265

Description

In PrestaShop from version 1.7.6.1 up to, but not including, 1.7.6.5, there is a reflected XSS on the back-office AdminAttributesGroups page. The fix commit casts the id_attribute_group and id_attribute request parameters to int before they are concatenated into back-office URLs and breadcrumb links. The problem is patched in 1.7.6.5.
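As an added illustration (not PrestaShop's code and not part of the advisory), the pattern the fix commit addresses: a request parameter concatenated unescaped into an href, shown beside the (int) cast the patch applies and a sink-side escaping alternative. The function names, the URL layout and the probe value are simplified stand-ins for the controller's breadcrumb code, chosen here for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not PrestaShop code. It reproduces the shape of the
// AdminAttributesGroups breadcrumb: a request parameter concatenated into an href.
// Function names and the URL layout are simplified stand-ins (assumptions).

// Constructed input: what ?id_attribute_group=... would carry in a reflected-XSS probe.
// The leading "1" keeps it a valid-looking id; the quote breaks out of the href attribute.
const PROBE = '1" onmouseover="alert(document.cookie)';

function breadcrumbLinkVulnerable(string $idAttributeGroup): string
{
    // Before the fix: the raw value lands inside a double-quoted attribute.
    return '<a href="index.php?controller=AdminAttributesGroups&id_attribute_group='
        . $idAttributeGroup . '&viewattribute_group">Group</a>';
}

function breadcrumbLinkFixed(string $idAttributeGroup): string
{
    // The 1.7.6.5 approach: cast to int first. PHP keeps the leading digits and
    // drops the rest, so the probe collapses to 1 and only digits reach the href.
    $id = (int) $idAttributeGroup;
    return '<a href="index.php?controller=AdminAttributesGroups&id_attribute_group='
        . $id . '&viewattribute_group">Group</a>';
}

function breadcrumbLinkEscaped(string $value): string
{
    // Sink-side alternative for parameters that are not integers: encode for the
    // URL and then for the HTML attribute, so quotes and ampersands cannot break out.
    $query = http_build_query([
        'controller'         => 'AdminAttributesGroups',
        'id_attribute_group' => $value,
    ]) . '&viewattribute_group';
    $safe = htmlspecialchars('index.php?' . $query, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safe . '">Group</a>';
}

// A quick regression check: a closed href attribute followed by an on* handler
// is exactly what the probe relies on; neither hardened variant may produce it.
function attributeBreakout(string $html): bool
{
    return (bool) preg_match('/href="[^"]*"\s+on\w+=/i', $html);
}

foreach (['vulnerable' => breadcrumbLinkVulnerable(PROBE),
          'fixed'      => breadcrumbLinkFixed(PROBE),
          'escaped'    => breadcrumbLinkEscaped(PROBE)] as $label => $html) {
    printf("%-10s breakout=%s  %s\n", $label, attributeBreakout($html) ? 'yes' : 'no', $html);
}
```

Run it with `php` on the command line: only the vulnerable variant reports a breakout. The cast is the right tool when the parameter is an id by definition, as it is here; for free-text parameters the escaping variant is the one to reach for, because a cast would silently turn the input into 0 rather than preserving it safely. To confirm the fix on your own staging back office, request the attributes page while logged in with a valid token, pass an id_attribute_group value that ends in a double quote, and inspect the breadcrumb anchor in the response source: a patched install shows only the numeric prefix.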

Affected products

PrestaShop, versions 1.7.6.1 up to but not including 1.7.6.5

Patches

270ed6f80fad

Merge pull request #18659 from sowbiba/changelog-1765

https://github.com/prestashop/prestashop · Pablo Borowicz · Apr 17, 2020 · via osv
1 file changed · +41 −0
  • docs/CHANGELOG.txt · +41 −0 · modified
    @@ -24,6 +24,47 @@ International Registered Trademark & Property of PrestaShop SA
     Release Notes for PrestaShop 1.7
     --------------------------------
     
    +####################################
    +#   v1.7.6.5 - (2020-04-17)
    +####################################
    +- Back Office:
    +  - Bug fix:
    +    - #18637: Fix sidebar not displayed in BO Add employee page (by @Progi1984)
    +    - #18607: Fix wrong number of "Last emails" in BO - Customer View page (by @PululuK)
    +    - #17920: Wrong redirection when using the quick search for a category (by @PululuK)
    +    - #18064: Fix error when trying to translate Serbian using the BO interface (by @eternoendless)
    +- Front Office:
    +  - Bug fix:
    +    - #18633: Convert cart rule value when order currency is different (by @sowbiba)
    +    - #18493: Change product redirection rules to redirect to valid attribute url (by @jolelievre)
    +    - #18103: Duplicate address when submitting a form with errors (by @PierreRambaud)
    +- Core:
    +  - Improvement:
    +    - #18638: Update version to 1.7.6.5 (by @PierreRambaud)
    +  - Bug fix:
    +    - #GHSA-cvjj-grfv-f56w - Improper access control on product page with combinations, attachments and specific prices (by @PierreRambaud)
    +    - #GHSA-4wxg-33h3-3w5r - Improper access control on product attributes page (by @PierreRambaud)
    +    - #GHSA-r6rp-6gv6-r9hq - Improper access control on customers search (by @PierreRambaud)
    +    - #GHSA-74vp-ww64-w2gm - Improper Access Control (by @PierreRambaud)
    +    - #GHSA-98j8-hvjv-x47j - Reflected XSS related in import page (by @PierreRambaud)
    +    - #GHSA-j3r6-33hf-m8wh - Reflected XSS with back parameter (by @PierreRambaud)
    +    - #GHSA-mrpj-67mq-3fr5 - Reflected XSS on Exception page (by @PierreRambaud)
    +    - #GHSA-q6pr-42v5-v97q - Reflected XSS on AdminCarts page (by @PierreRambaud)
    +    - #GHSA-rpg3-f23r-jmqv - Reflected XSS on Search page (by @PierreRambaud)
    +    - #GHSA-m2x6-c2c6-pjrx - Reflected XSS with dashboard calendar (by @PierreRambaud)
    +    - #GHSA-375w-q56h-h7qc - Open redirection when using back parameter (by @PierreRambaud)
    +    - #GHSA-87jh-7xpg-6v93 - Reflected XSS on AdminFeatures page (by @PierreRambaud)
    +    - #GHSA-7fmr-5vcc-329j - Reflected XSS on AdminAttributesGroups page (by @PierreRambaud)
    +    - #GHSA-48vj-vvr6-jj4f - Reflected XSS in security compromised page (by @PierreRambaud)
    +
    +- Installer:
    +  - Bug fix:
    +    - #18491: Installation under CLI doesn't take BASE_URI and Apache rewrite in consideration (by @PierreRambaud)
    +    - #18451: Use scandir instead of readdir to get sorted entities (by @PierreRambaud)
    +- Tests:
    +  - Bug fix:
    +    - #18309: Change test fixtures that need to be in the future (by @jolelievre)
    +
     ####################################
     #   v1.7.6.4 - (2020-03-02)
     ####################################
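Review bot: the GHSA lines in the Core block, including #GHSA-7fmr-5vcc-329j for this advisory, carry no PR or commit reference, unlike every other entry in the v1.7.6.5 block, so a reader cannot get from the changelog to the fix; consider listing the fixing commit next to each GHSA id. The fix for GHSA-7fmr-5vcc-329j touches controllers/admin/AdminAttributesGroupsController.php, a Back Office controller, so it would also sit more naturally under "Back Office" than under "Core".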
    
622ba66ffdbf

Merge pull request from GHSA-7fmr-5vcc-329j

3 files changed · +7 −7
  • classes/controller/AdminController.php · +1 −1 · modified
    @@ -1009,7 +1009,7 @@ public function processDeleteImage()
         {
             if (Validate::isLoadedObject($object = $this->loadObject())) {
                 if (($object->deleteImage())) {
    -                $redirect = self::$currentIndex . '&update' . $this->table . '&' . $this->identifier . '=' . Tools::getValue($this->identifier) . '&conf=7&token=' . $this->token;
    +                $redirect = self::$currentIndex . '&update' . $this->table . '&' . $this->identifier . '=' . (int) Tools::getValue($this->identifier) . '&conf=7&token=' . $this->token;
                     if (!$this->ajax) {
                         $this->redirect_after = $redirect;
                     } else {
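Review bot: the (int) cast on Tools::getValue($this->identifier) assumes every controller that inherits processDeleteImage() uses an integer identifier; a subclass whose identifier is a non-numeric key will now redirect to `...=0` and lose the conf=7 confirmation. Since this is the shared base class, either check the value with Validate::isUnsignedId() and bail out otherwise, or urlencode() it into the URL so the fix does not depend on the identifier's type. The other parts of $redirect (self::$currentIndex, $this->table, $this->token) are server-controlled and fine as they are.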
    
  • classes/helper/HelperList.php · +1 −1 · modified
    @@ -232,7 +232,7 @@ public function displayListContent()
             if (isset($this->fields_list['position'])) {
                 if ($this->position_identifier) {
                     if (isset($this->position_group_identifier)) {
    -                    $position_group_identifier = Tools::getIsset($this->position_group_identifier) ? Tools::getValue($this->position_group_identifier) : $this->position_group_identifier;
    +                    $position_group_identifier = Tools::getIsset($this->position_group_identifier) ? (int) Tools::getValue($this->position_group_identifier) : $this->position_group_identifier;
                     } else {
                         $position_group_identifier = (int) Tools::getValue('id_' . ($this->is_cms ? 'cms_' : '') . 'category', ($this->is_cms ? '1' : Category::getRootCategory()->id));
                     }
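Review bot: the cast brings this branch in line with the else branch below, which already casts the id_category fallback, so both paths now yield an int. One thing this hunk leaves alone: when the request parameter is absent, $position_group_identifier is assigned $this->position_group_identifier itself, that is, the parameter name rather than an id. If that string is later echoed into the list markup it needs the same treatment, and a short comment stating the intended fallback would help the next reader.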
    
  • controllers/admin/AdminAttributesGroupsController.php · +5 −5 · modified
    @@ -101,7 +101,7 @@ public function renderList()
     
         public function renderView()
         {
    -        if (($id = Tools::getValue('id_attribute_group'))) {
    +        if (($id = (int) Tools::getValue('id_attribute_group'))) {
                 $this->table = 'attribute';
                 $this->className = 'Attribute';
                 $this->identifier = 'id_attribute';
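Review bot: after the cast, a non-numeric id_attribute_group such as "abc" becomes 0 and silently falls through to the group list instead of being rejected. That is an acceptable outcome for a reflected-XSS fix, but if the attribute view is meant only for real groups, an explicit Validate::isUnsignedId() check with an error makes the intent clearer than relying on the truthiness of the cast.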
    @@ -617,7 +617,7 @@ public function initToolbarTitle()
     
                 case 'view':
                     if (Tools::getIsset('viewattribute_group')) {
    -                    if (($id = Tools::getValue('id_attribute_group'))) {
    +                    if (($id = (int) Tools::getValue('id_attribute_group'))) {
                             if (Validate::isLoadedObject($obj = new AttributeGroup((int) $id))) {
                                 $bread_extended[] = $obj->name[$this->context->employee->id_lang];
                             }
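Review bot: in this 'view' branch $id is only passed to new AttributeGroup((int) $id), which already cast it, and the breadcrumb appends $obj->name rather than $id, so the cast here is defensive rather than closing a sink. Worth keeping for consistency, but the PR description should say which branches were actual sinks so the fix can be verified against them.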
    @@ -630,7 +630,7 @@ public function initToolbarTitle()
     
                 case 'editAttributes':
                     if ($this->id_attribute) {
    -                    if (($id = Tools::getValue('id_attribute_group'))) {
    +                    if (($id = (int) Tools::getValue('id_attribute_group'))) {
                             if (Validate::isLoadedObject($obj = new AttributeGroup((int) $id))) {
                                 $bread_extended[] = '<a href="' . Context::getContext()->link->getAdminLink('AdminAttributesGroups') . '&id_attribute_group=' . $id . '&viewattribute_group">' . $obj->name[$this->context->employee->id_lang] . '</a>';
                             }
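Review bot: this is the sink the advisory describes: on the `'<a href="' . ... . '&id_attribute_group=' . $id . '&viewattribute_group">'` line, $id was concatenated straight into a double-quoted attribute, so a value carrying a quote could close the href and add an event handler. The cast closes that path. The same line still concatenates $obj->name[...] into the anchor text without escaping; group names are admin-controlled stored data, so outside this advisory's scope, but while this line is being touched it deserves an htmlspecialchars() pass (or whichever admin-HTML escaping helper this code base uses), and the `&` separators inside the attribute should be `&amp;`.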
    @@ -742,7 +742,7 @@ public function postProcess()
                 return;
             }
     
    -        if (!Tools::getValue($this->identifier) && Tools::getValue('id_attribute') && !Tools::getValue('attributeOrderby')) {
    +        if (!Tools::getValue($this->identifier) && (int) Tools::getValue('id_attribute') && !Tools::getValue('attributeOrderby')) {
                 // Override var of Controller
                 $this->table = 'attribute';
                 $this->className = 'Attribute';
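Review bot: the cast here only changes the truthiness of the condition; the sanitised value is not stored, so id_attribute is still read raw by whatever the rest of postProcess() and the loaded Attribute object do with it. If id_attribute is concatenated into a URL or markup further down, it needs its own cast there; reading it once into `$idAttribute = (int) Tools::getValue('id_attribute');` and reusing that would be cleaner. Also, `!Tools::getValue($this->identifier)` on the same line is left uncast, which is inconsistent with the rest of this patch.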
    @@ -751,7 +751,7 @@ public function postProcess()
     
             /* set location with current index */
             if (Tools::getIsset('id_attribute_group') && Tools::getIsset('viewattribute_group')) {
    -            self::$currentIndex = self::$currentIndex . '&id_attribute_group=' . Tools::getValue('id_attribute_group', 0) . '&viewattribute_group';
    +            self::$currentIndex = self::$currentIndex . '&id_attribute_group=' . (int) Tools::getValue('id_attribute_group', 0) . '&viewattribute_group';
             }
     
             // If it's an attribute, load object Attribute()
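Review bot: self::$currentIndex is reused by the base controller to build redirects and list links, so casting before the value is appended is the right place to do it. The default `0` in Tools::getValue('id_attribute_group', 0) is now redundant with the cast but harmless. Note that Tools::getIsset() already gates this block, so a value that casts to 0 still produces `&id_attribute_group=0&viewattribute_group`; if that case should behave like the parameter being absent, test for a non-zero id instead of only presence.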
    

