Main Vulnerability Database SB2020010946

SB2020010946 - Cross-site scripting in PrestaShop

Published: January 9, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020010946

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2020-6632)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.

Remediation

Install update from vendor's website.

References

https://github.com/PrestaShop/PrestaShop/pull/17050/commits