CVE-2020-15162 Information
Feb 14, 2021
Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8 users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Base Severity
MEDIUM