Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 4, 2024
Reflected XSS on AdminFeatures page of PrestaShop
CVE-2020-5269
Description
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the id_feature parameter. The problem is fixed in 1.7.6.5
Affected products
1- Range: >= 1.7.6.1, < 1.7.6.5
Patches
2270ed6f80fadMerge pull request #18659 from sowbiba/changelog-1765
1 file changed · +41 −0
docs/CHANGELOG.txt+41 −0 modified@@ -24,6 +24,47 @@ International Registered Trademark & Property of PrestaShop SA Release Notes for PrestaShop 1.7 -------------------------------- +#################################### +# v1.7.6.5 - (2020-04-17) +#################################### +- Back Office: + - Bug fix: + - #18637: Fix sidebar not displayed in BO Add employee page (by @Progi1984) + - #18607: Fix wrong number of "Last emails" in BO - Customer View page (by @PululuK) + - #17920: Wrong redirection when using the quick search for a category (by @PululuK) + - #18064: Fix error when trying to translate Serbian using the BO interface (by @eternoendless) +- Front Office: + - Bug fix: + - #18633: Convert cart rule value when order currency is different (by @sowbiba) + - #18493: Change product redirection rules to redirect to valid attribute url (by @jolelievre) + - #18103: Duplicate address when submitting a form with errors (by @PierreRambaud) +- Core: + - Improvement: + - #18638: Update version to 1.7.6.5 (by @PierreRambaud) + - Bug fix: + - #GHSA-cvjj-grfv-f56w - Improper access control on product page with combinations, attachments and specific prices (by @PierreRambaud) + - #GHSA-4wxg-33h3-3w5r - Improper access control on product attributes page (by @PierreRambaud) + - #GHSA-r6rp-6gv6-r9hq - Improper access control on customers search (by @PierreRambaud) + - #GHSA-74vp-ww64-w2gm - Improper Access Control (by @PierreRambaud) + - #GHSA-98j8-hvjv-x47j - Reflected XSS related in import page (by @PierreRambaud) + - #GHSA-j3r6-33hf-m8wh - Reflected XSS with back parameter (by @PierreRambaud) + - #GHSA-mrpj-67mq-3fr5 - Reflected XSS on Exception page (by @PierreRambaud) + - #GHSA-q6pr-42v5-v97q - Reflected XSS on AdminCarts page (by @PierreRambaud) + - #GHSA-rpg3-f23r-jmqv - Reflected XSS on Search page (by @PierreRambaud) + - #GHSA-m2x6-c2c6-pjrx - Reflected XSS with dashboard calendar (by @PierreRambaud) + - #GHSA-375w-q56h-h7qc - Open redirection when using back parameter (by @PierreRambaud) + - #GHSA-87jh-7xpg-6v93 - Reflected XSS on AdminFeatures page (by @PierreRambaud) + - #GHSA-7fmr-5vcc-329j - Reflected XSS on AdminAttributesGroups page (by @PierreRambaud) + - #GHSA-48vj-vvr6-jj4f - Reflected XSS in security compromised page (by @PierreRambaud) + +- Installer: + - Bug fix: + - #18491: Installation under CLI doesn't take BASE_URI and Apache rewrite in consideration (by @PierreRambaud) + - #18451: Use scandir instead of readdir to get sorted entities (by @PierreRambaud) +- Tests: + - Bug fix: + - #18309: Change test fixtures that need to be in the future (by @jolelievre) + #################################### # v1.7.6.4 - (2020-03-02) ####################################
9efca621a0b7Merge pull request from GHSA-87jh-7xpg-6v93
2 files changed · +3 −3
admin-dev/themes/default/template/helpers/list/list_content.tpl+1 −1 modified@@ -50,7 +50,7 @@ {if isset($params.align)} {$params.align}{/if}{/strip}" {if (!isset($params.position) && !$no_link && !isset($params.remove_onclick))} {if isset($tr.link) } - onclick="document.location = '{$tr.link}'"> + onclick="document.location = '{$tr.link|addslashes|escape:'html':'UTF-8'}'"> {else} onclick="document.location = '{$current_index|addslashes|escape:'html':'UTF-8'}&{$identifier|escape:'html':'UTF-8'}={$tr.$identifier|escape:'html':'UTF-8'}{if $view}&view{else}&update{/if}{$table|escape:'html':'UTF-8'}{if $page > 1}&page={$page|intval}{/if}&token={$token|escape:'html':'UTF-8'}'"> {/if}
controllers/admin/AdminFeaturesController.php+2 −2 modified@@ -115,7 +115,7 @@ protected function setTypeFeature() public function renderView() { - if (($id = Tools::getValue('id_feature'))) { + if (($id = (int) Tools::getValue('id_feature'))) { $this->setTypeValue(); $this->list_id = 'feature_value'; $this->lang = true; @@ -299,7 +299,7 @@ public function initToolbarTitle() case 'editFeatureValue': if (Tools::getValue('id_feature_value')) { - if (($id = Tools::getValue('id_feature'))) { + if (($id = (int) Tools::getValue('id_feature'))) { if (Validate::isLoadedObject($obj = new Feature((int) $id))) { $bread_extended[] = '<a href="' . Context::getContext()->link->getAdminLink('AdminFeatures') . '&id_feature=' . $id . '&viewfeature">' . $obj->name[$this->context->employee->id_lang] . '</a>'; }
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- github.com/PrestaShop/PrestaShop/commit/9efca621a0b74b82dafa91e6b955120036e31334mitrex_refsource_MISC
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-87jh-7xpg-6v93mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.