|
200631
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5276
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200632
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5272
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200633
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5271
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200634
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redi…
|
CWE-601
Open Redirect
|
CVE-2020-5270
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200635
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5269
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200636
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5265
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200637
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5264
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200638
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_socialfollow
|
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5294
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200639
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_linklist
|
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5273
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200640
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_link
|
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5266
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
