Vulnerability Description
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | < 1.7.6.5 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301fPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qcPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301fPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qcPatchThird Party Advisory
FAQ
What is CVE-2020-5270?
CVE-2020-5270 is a vulnerability with a CVSS score of 4.1 (MEDIUM). In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redir...
How severe is CVE-2020-5270?
CVE-2020-5270 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5270?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.