Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5270

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5

Published

2020-04-20T17:15:15.507

Last Modified

2024-11-21T05:33:48.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	prestashop	< 1.7.6.5	Yes

References

https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458 Patch, Third Party Advisory ([email protected])
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc Patch, Third Party Advisory ([email protected])
https://github.com/PrestaShop/PrestaShop/commit/cd2219dca49965ae8421bb5a53fc301f3f23c458 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-375w-q56h-h7qc Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)