First published: Thu Jul 02 2020(Updated: )
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >1.5.3.0<1.7.6.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-11074 is a stored XSS vulnerability that exists in PrestaShop from version 1.5.3.0 and before version 1.7.6.6.
CVE-2020-11074 has a severity score of 5.4, which is considered medium.
CVE-2020-11074 affects PrestaShop versions 1.5.3.0 to 1.7.6.6.
CVE-2020-11074 can be fixed by updating PrestaShop to version 1.7.6.6, which includes a fix for the vulnerability.
You can find more information about CVE-2020-11074 on the GitHub page of PrestaShop.