CVE-2020-5264 MEDIUM

CVE-2020-5264: Reflected XSS in security compromised page of PrestaShop

Vendor Prestashop

Product PrestaShop

Weakness CWE-79 · XSS

Published April 20, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.

Key dates

02Disclosure timeline

April 20, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5264 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-50875 WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS) CVE-2024-1636 Potential Cross-Site Scripting (XSS) in the page editing area CVE-2025-53324 WordPress Gutenify Plugin <= 1.5.7 - Cross Site Scripting (XSS) Vulnerability CVE-2024-9073 GutenGeek Free Gutenberg Blocks for WordPress <= 1.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2025-58645 WordPress Gravitate Automated Tester Plugin <= 1.4.5 - Cross Site Scripting (XSS) Vulnerability