CVE-2020-5286 – Reflected XSS related in import page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5286
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.7.4.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado cuando se carga un archivo incorrecto. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/fc0625fb0a9aab1835515f1bea52e8e063384da7 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-98j8-hvjv-x47j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-5287 – Improper access control on customers search in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.5.5.0 y 1.7.6.5, hay un control de acceso inapropiado en la búsqueda de clientes. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/27e49d89808f1d76eb909a595f344a6739bc0b52 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-r6rp-6gv6-r9hq • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2020-5288 – Improper access control on product attributes page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5288
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, tiene un control de acceso inapropiado en la página de atributos del producto. El problema se corrigió en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/fc1d796dda769efdbc4d9e02ea7a11e4167338d0 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-4wxg-33h3-3w5r • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2020-5293 – Improper access control on product page with combinations, attachments and specific prices in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5293
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, hay un control de acceso inapropiado en la página del producto con combinaciones, archivos adjuntos y precios específicos. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56w • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2020-5271 – Reflected XSS with dashboard calendar of PrestaShop
https://notcve.org/view.php?id=CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.6.0.0 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado con los parámetros "date_from" y "date_to" en la página del panel de control. Este problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/c464518d2aaf195007a1eb055fce64a9a027e00a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m2x6-c2c6-pjrx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •