CVE-2020-5293 – Improper access control on product page with combinations, attachments and specific prices in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5293
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, hay un control de acceso inapropiado en la página del producto con combinaciones, archivos adjuntos y precios específicos. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56w • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2020-5271 – Reflected XSS with dashboard calendar of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.6.0.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado con los parámetros "date_from" y "date_to" en la página del panel de control. Este problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/c464518d2aaf195007a1eb055fce64a9a027e00a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m2x6-c2c6-pjrx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5272 – Reflected XSS on Search page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5272
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5 En PrestaShop entre las versiones 1.5.5.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página Search con los parámetros "alias" y "search". El problema está solucionado en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/d3bf027fa37e8105fed3c809d636ebe787e43f46 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rpg3-f23r-jmqv • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5278 – Reflected XSS on Exception page of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5278
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.5.4.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página Exception. El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/ea85210d6e5d81f058b55764bc4608cdb0b36c5d https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mrpj-67mq-3fr5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5279 – Improper Access Control for certain legacy controller in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5279
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.5.0.0 y 1.7.6.5, hay un control de acceso inapropiado desde la versión 1.5.0.0 para controladores heredados. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses. El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-74vp-ww64-w2gm • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •