Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users can send compromised files as attachments. These attachments allow an attacker to supply malicious JavaScript that triggers an XSS payload. The problem is fixed in version 1.7.6.8.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
Patch, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
Scores
CVSS v3: 5.4
EPSS: 0.0025
EPSS Percentile: 48.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): prestashop/prestashop, 1.5.0.0 - 1.7.6.8
Published: Sep 24, 2020
Tracked Since: Feb 18, 2026