CVE-2020-15161

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15161

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15161.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15161

Related

GHSA-5cp2-r794-w37w

Published

2020-09-24T22:15:12.260Z

Modified

2026-04-10T04:22:48.600579Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type

GIT

Repo

https://github.com/prestashop/prestashop

Events

Introduced

e781755b2cc9ec6196413b6060357371557cbc8b

Fixed

69f840d7f626769431c9c0ae9ad8ef1a327571c0

Fixed

562a231fec18a928e4a601860416fe11af274672

Database specific

{
    "versions": [
        {
            "introduced": "1.6.0.4"
        },
        {
            "fixed": "1.7.6.8"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15161.json"