Headline
CVE-2020-11074: Stored XSS in AdminQuickAccesses
In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.
Impact
Stored XSS when using the name of a quick access item.
Patches
The problem is fixed in 1.7.6.6.
Workarounds
If the name of a quick access item looks suspicious, do not click it or try to remove it.
After getting its id, execute this SQL query:
DELETE FROM `ps_quick_access` WHERE `ps_quick_access`.`id_quick_access` = QUICK_ACCESS_ID
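One way to find the id of a suspicious item directly in the database and then apply the workaround, as an added example that is not part of the original advisory. It assumes MySQL or MariaDB, the default `ps_` table prefix, and that item names are stored in a `ps_quick_access_lang` table with `id_quick_access`, `id_lang` and `name` columns; the second DELETE is likewise an addition to the advisory's query.

```sql
-- Added example. Assumptions (not from the advisory): MySQL/MariaDB, the
-- default `ps_` prefix, and names stored per language in
-- `ps_quick_access_lang` (`id_quick_access`, `id_lang`, `name`).

-- 1. List quick access items whose name contains characters typical of
--    HTML or script markup. HEX() is selected as well so the raw value can
--    be reviewed even if the SQL client renders or truncates the name.
--    Legitimate names containing quotes will also match; review each row.
SELECT qa.id_quick_access,
       qal.id_lang,
       qal.name,
       HEX(qal.name) AS name_hex
FROM ps_quick_access AS qa
JOIN ps_quick_access_lang AS qal
  ON qal.id_quick_access = qa.id_quick_access
WHERE qal.name REGEXP '[<>"]'
   OR qal.name LIKE '%&#%'
   OR LOWER(qal.name) LIKE '%javascript:%'
ORDER BY qa.id_quick_access, qal.id_lang;

-- 2. After reviewing the rows, remove one item by id. Replace
--    QUICK_ACCESS_ID with an id returned by step 1. The first DELETE is
--    the advisory's query; the second clears the matching name rows so no
--    orphaned translations are left behind (assumed table, see above).
START TRANSACTION;

DELETE FROM ps_quick_access
 WHERE id_quick_access = QUICK_ACCESS_ID;

DELETE FROM ps_quick_access_lang
 WHERE id_quick_access = QUICK_ACCESS_ID;

COMMIT;

-- 3. Confirm nothing matching the id remains.
SELECT COUNT(*) AS remaining
FROM ps_quick_access
WHERE id_quick_access = QUICK_ACCESS_ID;
```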
References
Cross-site Scripting (XSS) - Stored (CWE-79)