Vulnerability Details CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.6%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 5.8
References
- https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc
- https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc
Products affected by CVE-2020-5270
-
cpe:2.3:a:prestashop:prestashop:1.7.6.1
-
cpe:2.3:a:prestashop:prestashop:1.7.6.2
-
cpe:2.3:a:prestashop:prestashop:1.7.6.3
-
cpe:2.3:a:prestashop:prestashop:1.7.6.4