First published: Mon Apr 20 2020(Updated: )
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | >1.7.4.0<1.7.6.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-5286 is a reflected XSS vulnerability in PrestaShop versions 1.7.4.0 to 1.7.6.5.
CVE-2020-5286 has a severity score of 6.1 (medium).
CVE-2020-5286 affects PrestaShop versions 1.7.4.0 to 1.7.6.5.
To fix CVE-2020-5286, update PrestaShop to version 1.7.6.5 or later.
You can find more information about CVE-2020-5286 in the references section: [link1](https://github.com/PrestaShop/PrestaShop/commit/fc0625fb0a9aab1835515f1bea52e8e063384da7), [link2](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-98j8-hvjv-x47j).