CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5264 – Reflected XSS in security compromised page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5264
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5. En PrestaShop versiones anteriores a 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado mientras se ejecuta la página security compromised. Permite a cualquiera ejecutar una acción arbitraria. • https://github.com/PrestaShop/PrestaShop/commit/06b7765c91c58e09ab4f8ddafbde02070fcb6f3a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-48vj-vvr6-jj4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5265 – Reflected XSS on AdminAttributesGroups page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5. En PrestaShop entre las versiones 1.7.6.1 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminAttributesGroups. El problema está corregido en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/622ba66ffdbf48b399875003e00bc34d8a3ef712 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7fmr-5vcc-329j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5266 – Stored XSS on back office edit page
https://notcve.org/view.php?id=CVE-2020-5266
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0 En el módulo ps_link para PrestaShop versiones anteriores a la versión 3.1.0, tiene una vulnerabilidad de tipo XSS almacenado cuando se crea o edita un bloque de lista de enlaces con el campo title. El problema es corregido en la versión 3.1.0 • https://github.com/PrestaShop/ps_linklist/commit/b90005c2cfed949ab564228b277a728e0a62a876 https://github.com/PrestaShop/ps_linklist/security/advisories/GHSA-vr7g-vqp5-966j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5273 – Stored XSS with custom URLs in PrestaShop module ps_linklist
https://notcve.org/view.php?id=CVE-2020-5273
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0 En el módulo ps_linklist de PrestaShop versiones anteriores a la versión3.1.0, tiene una vulnerabilidad de tipo XSS almacenado cuando se usan URLs personalizadas. El problema es corregido en la versión 3.1.0 • https://github.com/PrestaShop/ps_linklist/commit/83e6e0bdda2287f4d6e64127cb90c41d26b5ad82 https://github.com/PrestaShop/ps_linklist/security/advisories/GHSA-cx2r-mf6x-55rx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5294 – Reflected XSS with social networks fields
https://notcve.org/view.php?id=CVE-2020-5294
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 El módulo ps_facetedsearch de PrestaShop versiones anteriores a 2.1.0, tiene una vulnerabilidad de tipo XSS reflejado con los campos de redes sociales El problema es corregido en la versión 2.1.0 • https://github.com/PrestaShop/ps_socialfollow/commit/c1768bf14c0fcf8311bea15fba4ffdda45522d6b https://github.com/PrestaShop/ps_socialfollow/security/advisories/GHSA-774w-fg8p-7c8w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •