CVE-2020-5272

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5

Source: CVE-2020-5272

CVE-2017-18835

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Source: CVE-2017-18835

CVE-2020-5278

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5

Source: CVE-2020-5278

CVE-2020-5279

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. – admin-dev/index.php/configure/shop/customer-preferences/ – admin-dev/index.php/improve/international/translations/ – admin-dev/index.php/improve/international/geolocation/ – admin-dev/index.php/improve/international/localization – admin-dev/index.php/configure/advanced/performance – admin-dev/index.php/sell/orders/delivery-slips/ – admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5

Source: CVE-2020-5279

CVE-2020-5276

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5

Source: CVE-2020-5276

CVE-2020-5270

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5

Source: CVE-2020-5270

CVE-2020-5269

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5

Source: CVE-2020-5269

CVE-2020-5271

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5

Source: CVE-2020-5271

CVE-2020-5265

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.

Source: CVE-2020-5265

CVE-2020-5264

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.

Source: CVE-2020-5264