Vulnerabilities > CVE-2020-15162 - Unspecified vulnerability in Prestashop
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
Vulnerable Configurations
References
- https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
- https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392