Description

In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.

Remediation

References

CVE-2020-11074

Related Vulnerabilities

WordPress Plugin WooCommerce Cross-Site Scripting (2.4.8)

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

WordPress Plugin MailChimp List Subscribe Form Multiple Unspecified Vulnerabilities (1.1)

WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-12276)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11870)

Severity

Medium

Classification

CVE-2020-11074 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities