CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5285 – Reflected XSS with back parameter in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5285
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.6.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado con el parámetro "back". El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/b6aea152988d81e1586f1c03f2e72c9ef2fe7df7 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-j3r6-33hf-m8wh • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5269 – Reflected XSS on AdminFeatures page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5269
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.6.1 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminFeatures usando el parámetro "id_feature". El problema se corrigió en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/9efca621a0b74b82dafa91e6b955120036e31334 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-87jh-7xpg-6v93 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5270 – Open redirection when using back parameter of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.6.0 y 1.7.6.5, hay un redireccionamiento abierto cuando se usa el parámetro back. Los impactos pueden ser muchos y varían desde el robo de información y credenciales hasta el redireccionamiento a sitios web maliciosos que contienen contenido controlado por los atacantes, que en algunos casos incluso causan ataques de tipo XSS. • https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5264 – Reflected XSS in security compromised page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5264
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5. En PrestaShop versiones anteriores a 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado mientras se ejecuta la página security compromised. Permite a cualquiera ejecutar una acción arbitraria. • https://github.com/PrestaShop/PrestaShop/commit/06b7765c91c58e09ab4f8ddafbde02070fcb6f3a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-48vj-vvr6-jj4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5265 – Reflected XSS on AdminAttributesGroups page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5. En PrestaShop entre las versiones 1.7.6.1 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminAttributesGroups. El problema está corregido en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/622ba66ffdbf48b399875003e00bc34d8a3ef712 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7fmr-5vcc-329j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •