|
202451
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5271
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202452
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redi…
|
CWE-601
Open Redirect
|
CVE-2020-5270
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202453
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
|
CWE-79
Cross-site Scripting
|
CVE-2020-5269
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202454
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5265
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202455
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5264
|
2024-11-21 14:33 |
2020-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202456
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_socialfollow
|
PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5294
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202457
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_linklist
|
In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5273
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202458
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop_link
|
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0
|
CWE-79
Cross-site Scripting
|
CVE-2020-5266
|
2024-11-21 14:33 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202459
|
7.2 |
HIGH
Network
|
dell
|
emc_integrated_data_protection_appliance
|
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileg…
|
CWE-78
OS Command
|
CVE-2020-5350
|
2024-11-21 14:33 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202460
|
4.8 |
MEDIUM
Network
|
emc
|
rsa_authentication_manager
|
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5346
|
2024-11-21 14:33 |
2020-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
