CVE-2020-15162

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Published: Sep 25, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15162
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	1.5.0.0	1.7.6.8

https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392

Vulnerability Database

290,273

CVE-2020-15162