First published: Thu Sep 24 2020
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >=1.5.0.0 <1.7.6.8 | Update to 1.7.6.8 or later |
CVE-2020-15162 is a vulnerability in PrestaShop from version 1.5.0.0 and before version 1.7.6.8 that allows users to send compromised files containing malicious JavaScript, triggering an XSS payload.
CVE-2020-15162 has a severity rating of medium, with a CVSS score of 5.4.
CVE-2020-15162 affects PrestaShop from version 1.5.0.0 and before version 1.7.6.8, allowing users to send compromised files with malicious JavaScript, leading to an XSS attack.
To fix CVE-2020-15162, update your PrestaShop installation to version 1.7.6.8 or later, which resolves the issue.
You can find more information about CVE-2020-15162 in the references section: [GitHub Commit](https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf), [GitHub Release](https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8), [GitHub Security Advisory](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392).