VYPR
Unrated severityNVD Advisory· Published Apr 20, 2020· Updated Aug 4, 2024

Open redirection when using back parameter of PrestaShop

CVE-2020-5270

Description

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Prestashop/Prestashopllm-fuzzy2 versions
    <1.7.6.5+ 1 more
    • (no CPE)range: <1.7.6.5
    • (no CPE)range: >= 1.7.6.0, < 1.7.6.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.