CVE-2020-5270 Information

Description

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using the back parameter. The impacts can be many, and vary from the theft of information and credentials to redirection to malicious websites containing attacker-controlled content, which in some cases can even cause XSS attacks. So even though an open redirection might sound harmless at first, its impact can be severe should it be exploitable. The problem is fixed in 1.7.6.5.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Base Severity

MEDIUM
