Vulnerability Details CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 4.4
CVSS v2 Score 4.3
References
- https://github.com/PrestaShop/PrestaShop/commit/622ba66ffdbf48b399875003e00bc34d8a3ef712
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7fmr-5vcc-329j
- https://github.com/PrestaShop/PrestaShop/commit/622ba66ffdbf48b399875003e00bc34d8a3ef712
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7fmr-5vcc-329j
Products affected by CVE-2020-5265
-
cpe:2.3:a:prestashop:prestashop:1.7.6.2
-
cpe:2.3:a:prestashop:prestashop:1.7.6.3
-
cpe:2.3:a:prestashop:prestashop:1.7.6.4