Description

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5

Remediation

References

CVE-2020-5272

Related Vulnerabilities

WordPress Plugin Yoast SEO Cross-Site Scripting (2.0.1)

IBM RTC Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2020-4544)

WordPress Plugin Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3)

WordPress Plugin Ultimate Addons for Beaver Builder Cross-Site Scripting (1.24.3)

WordPress Plugin Login by Auth0 Multiple Vulnerabilities (3.11.3)

Severity

Medium

Classification

CVE-2020-5272 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities