WEB APPLICATION VULNERABILITIES Standard & Premium

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5285)

Description

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5

Remediation

References

Related Vulnerabilities

WordPress Plugin Category Grid View Gallery TimThumb Arbitrary File Upload (0.1.1)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-35150)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (1.87)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0218)

Severity

Medium

Classification

CVE-2020-5285 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities