Description
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc
Patch, Third Party Advisory x_refsource_misc
https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458
Scores
CVSS v3
4.1
EPSS
0.0018
EPSS Percentile
39.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Details
CWE
CWE-601
Status
published
Products (1)
prestashop/prestashop
1.7.6.0 - 1.7.6.5
Published
Apr 20, 2020
Tracked Since
Feb 18, 2026