CVE-2020-11074: Stored XSS in AdminQuickAccesses

In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.


Impact

Stored XSS when using the name of a quick access item.

Patches

The problem is fixed in 1.7.6.6.

Workarounds

If the name of a quick access item is suspicious, do not click it or try to remove it.
After getting its id, execute this SQL query:

DELETE FROM `ps_quick_access` WHERE `ps_quick_access`.`id_quick_access` = QUICK_ACCESS_ID
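
One way to get the id for the workaround above without opening the item in the back office, as an added example that is not part of the original advisory. It assumes the default `ps_` table prefix and the stock PrestaShop layout in which the translated name is stored in `ps_quick_access_lang.name` and the target URL in `ps_quick_access.link`; those table and column names are assumptions not stated on this page.

```sql
-- Added example (MySQL/MariaDB), not from the advisory.
-- Assumed schema: ps_quick_access(id_quick_access, link)
--                 ps_quick_access_lang(id_quick_access, id_lang, name)

-- Step 1: list quick access items whose name contains characters that
-- have no place in a plain menu label (HTML tag or attribute delimiters).
-- Review the result by hand; a match is a candidate, not a verdict.
SELECT qa.id_quick_access,
       qal.id_lang,
       qal.name,
       qa.link
FROM   `ps_quick_access`      AS qa
JOIN   `ps_quick_access_lang` AS qal
       ON qal.id_quick_access = qa.id_quick_access
WHERE  qal.name LIKE '%<%'
   OR  qal.name LIKE '%>%'
   OR  qal.name LIKE '%"%'
ORDER  BY qa.id_quick_access, qal.id_lang;

-- Step 2: delete one reviewed item with the advisory's query.
-- 0 is a constructed placeholder; set it to the id confirmed in step 1.
SET @quick_access_id = 0;

START TRANSACTION;
DELETE FROM `ps_quick_access`
WHERE  `ps_quick_access`.`id_quick_access` = @quick_access_id;
-- Expect exactly 1 here; roll back instead of committing if it differs.
SELECT ROW_COUNT() AS deleted_rows;
COMMIT;
```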

References

Cross-site Scripting (XSS) - Stored (CWE-79)
