CVE-2020-15161

Summary

In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8

Affected Software

VendorProductVersion RangeStatus
PrestaShopPrestaShop> 1.6.0.4, < 1.7.6.8affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References