CVE-2020-15162

Опубликовано: 24 сент. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
Exploit
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.5.0.0 (включая) до 1.7.6.8 (исключая)

EPSS

Процентиль: 48%

0.00249

Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

EPSS

Процентиль: 48%

0.00249

Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79