Stored XSS in AdminQuickAccesses

Moderate
matks published GHSA-v4pg-q2cv-f7x4 Jul 2, 2020

Package

No package listed

Affected versions

> 1.5.3.0

Patched versions

1.7.6.6

Description

Impact

Stored XSS when using the name of a quick access item.

Patches

The problem is fixed in 1.7.6.6.

Workarounds

If the name of a quick access item is suspicious, do not click it or try to remove it.
Instead, get its id and execute this SQL query:

DELETE FROM `ps_quick_access` WHERE `ps_quick_access`.`id_quick_access` = QUICK_ACCESS_ID
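
The workaround needs the item's id but does not say how to find it. The read-only query below is an added example, not part of the advisory: it lists quick access items whose name contains markup characters. It assumes the default `ps_` table prefix and that names are stored per language in a `ps_quick_access_lang` table with `id_lang` and `name` columns.

```sql
-- Added example: triage query for the workaround above (reads only, changes nothing).
-- Assumptions not stated in the advisory: default `ps_` prefix; item names live in
-- `ps_quick_access_lang` (one row per item and language).
SELECT
    qa.id_quick_access,             -- value to use as QUICK_ACCESS_ID
    qal.id_lang,                    -- language of the stored name
    qal.name,                       -- raw stored name, for manual review
    CHAR_LENGTH(qal.name) AS name_length
FROM ps_quick_access AS qa
JOIN ps_quick_access_lang AS qal
    ON qal.id_quick_access = qa.id_quick_access
WHERE
    -- Angle brackets, quotes and backticks have no place in a menu label.
    qal.name REGEXP '[<>"''`]'
    -- Numeric character references can hide the same characters.
    OR qal.name LIKE '%&#%'
ORDER BY qa.id_quick_access, qal.id_lang;
```

Review the returned names in a SQL client rather than in the back office, then use the matching `id_quick_access` value as `QUICK_ACCESS_ID` in the DELETE statement above.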

References

Cross-site Scripting (XSS) - Stored (CWE-79)

Severity

Moderate

CVE ID

CVE-2020-11074

Weaknesses

No CWEs