Description

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.

Remediation

References

CVE-2020-5264

Related Vulnerabilities

MySQL CVE-2021-35628 Vulnerability (CVE-2021-35628)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)

WordPress Plugin Custom Contact Forms Security Bypass (5.1.0.3)

WordPress Plugin Category Order and Taxonomy Terms Order PHP Object Injection (1.5.2.2)

WordPress Plugin Featured Video Plus Unspecified Vulnerability (2.2.3)

Severity

Medium

Classification

CVE-2020-5264 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities