Skip to content

Reflected XSS when uploading an image in the Product page

Low
matks published GHSA-qgh4-95j7-p3vj Jul 2, 2020

Package

No package listed

Affected versions

> 1.7.0.0

Patched versions

1.7.6.6

Description

Impact

If a target sends a corrupted file, it leads to a reflected XSS.

Patches

The problem is fixed in 1.7.6.6

References

Cross-site Scripting (XSS) - Reflected (CWE-79)

Thanks to Komradz

Severity

Low

CVE ID

CVE-2020-15083

Weaknesses

No CWEs