CVE-2020-5287 – Improper access control on customers search in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5287
20 Apr 2020 — In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/27e49d89808f1d76eb909a595f344a6739bc0b52 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization
CVE-2020-5288 – Improper access control on product attributes page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5288
20 Apr 2020 — In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on the product attributes page. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/fc1d796dda769efdbc4d9e02ea7a11e4167338d0 • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization
CVE-2020-5293 – Improper access control on product page with combinations, attachments and specific prices in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5293
20 Apr 2020 — In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on the product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization
CVE-2020-5271 – Reflected XSS with dashboard calendar of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5271
20 Apr 2020 — In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with the `date_from` and `date_to` parameters in the dashboard page. This problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/c464518d2aaf195007a1eb055fce64a9a027e00a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5272 – Reflected XSS on Search page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5272
20 Apr 2020 — In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on the Search page with the `alias` and `search` parameters. The problem is patched in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/d3bf027fa37e8105fed3c809d636ebe787e43f46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5276 – Reflected XSS on AdminCarts page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5276
20 Apr 2020 — In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on the AdminCarts page with the `cartBox` parameter. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/6838d21850e7227fb8afbf568cb0386b3dedd3ef • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5278 – Reflected XSS on Exception page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5278
20 Apr 2020 — In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on the Exception page. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/ea85210d6e5d81f058b55764bc4608cdb0b36c5d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5279 – Improper Access Control for certain legacy controller in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5279
20 Apr 2020 — In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there is improper access control since version 1.5.0.0 for legacy controllers.
- admin-dev/index.php/configure/shop/customer-preferences/
- admin-dev/index.php/improve/international/translations/
- admin-dev/index.php/improve/international/geolocation/
- admin-dev/index.php/improve/international/localization
- admin-dev/index.php/configure/advanced/performance
- admin-dev/index.php/sell/orders/delivery-slips/
- admin-dev/index.php?controller=Admin...
• https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a • CWE-284: Improper Access Control • CWE-863: Incorrect Authorization
CVE-2020-5285 – Reflected XSS with back parameter in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5285
20 Apr 2020 — In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with the `back` parameter. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/b6aea152988d81e1586f1c03f2e72c9ef2fe7df7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5269 – Reflected XSS on AdminFeatures page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5269
20 Apr 2020 — In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on the AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/9efca621a0b74b82dafa91e6b955120036e31334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')