|
197491
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5285
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197492
|
6.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ …
|
CWE-863
Incorrect Authorization
|
CVE-2020-5279
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197493
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5278
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197494
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5276
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197495
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5272
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197496
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5271
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197497
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redi…
|
CWE-601
Open Redirect
|
CVE-2020-5270
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197498
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5269
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197499
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5265
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197500
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5264
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
