What the vulnerability does
01Description
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5
CVE-2020-5286
MEDIUM
CVE-2020-5286: Reflected XSS related in import page in PrestaShop
CVSS base score
4.1/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Key dates
02Disclosure timeline
April 20, 2020
CVE published
August 4, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-2727 Stored Cross-Site Scripting (Stored-XSS) vulnerability in the CIGESv2 system
CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid
CVE-2026-23973 WordPress Golo theme < 1.7.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-67629 WordPress Basticom Framework plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability
CVE-2021-24937 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting
