CVE-2020-15162
Summary
| CVE | CVE-2020-15162 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-24 23:15:00 UTC |
| Updated | 2020-09-30 14:18:00 UTC |
| Description | In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Prestashop | Prestashop | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release PrestaShop 1.7.6.8 · PrestaShop/PrestaShop · GitHub | MISC | github.com | Third Party Advisory |
| Merge pull request from GHSA-rc8c-v7rq-q392 · PrestaShop/PrestaShop@2cfcd33 · GitHub | MISC | github.com | Patch, Third Party Advisory |
| Stored XSS in upload files · Advisory · PrestaShop/PrestaShop · GitHub | CONFIRM | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.