CVE-2020-15162 - In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are - CVEs Blog

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15162

Reference (s):

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
URL: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-rc8c-v7rq-q392
https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
URL: https://github.com/PrestaShop/PrestaShop/commit/2cfcd33c75974a49f17665f294f228454e14d9cf
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8

CVE-2020-15162 – In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2020-26212 - GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

Categories

Partners

Just add here your partners image or promo text