CVE-2020-5269

Medium

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The…

GitHub_M·CWE-79·Published 2020-04-20

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

167 chars

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5

NVDen

167 chars

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5

En PrestaShop entre las versiones 1.7.6.1 y 1.7.6.5, hay una vulnerabilidad de tipo XSS reflejado en la página AdminFeatures usando el parámetro "id_feature". El problema se corrigió en la versión 1.7.6.5

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	4.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
3.1	Primary	cve.org	4.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
3.1	Secondary	NVD	4.1	2.3	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N