Vulnerability Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 1.5.0.0, < 1.7.6.8 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f22845PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8Third Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392ExploitThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f22845PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8Third Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392ExploitThird Party Advisory
FAQ
What is CVE-2020-15162?
CVE-2020-15162 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payloa...
How severe is CVE-2020-15162?
CVE-2020-15162 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15162?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.