Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 4, 2024
Open redirection when using back parameter of PrestaShop
CVE-2020-5270
Description
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.7.6.5+ 1 more
- (no CPE)range: <1.7.6.5
- (no CPE)range: >= 1.7.6.0, < 1.7.6.5
Patches
Vulnerability mechanics
References
2- github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458mitrex_refsource_MISC
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qcmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.