CVE-2020-15161 Information
Feb 14, 2021
cve
Description
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/PrestaShop/PrestaShop/commit/562a231fec18a928e4a601860416fe11af274672 https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5cp2-r794-w37w
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: