
Komradz

#21423 of 53,632
11.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2020-14168
5.3
2020-07-02
Prestashop · Prestashop · CVE-2020-15080
**Name of the Vulnerable Software and Affected Versions**
PrestaShop versions 1.7.4.0 through 1.7.6.5

**Description**
The issue arises from some files being incorrectly included in the release archive or being accessible when they should not be. A possible workaround is to restrict access to certain files, specifically making sure `composer.json` and `docker-compose.yml` are not accessible on the server.

**Recommendations**
For PrestaShop versions 1.7.4.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue. As a temporary workaround, consider restricting access to `composer.json` and `docker-compose.yml` files on the server until the update to version 1.7.6.6 can be applied.

PT-2020-14171
6.1
2020-07-02
Prestashop · Prestashop · CVE-2020-15083
**Name of the Vulnerable Software and Affected Versions**
PrestaShop versions 1.7.0.0 through 1.7.6.5

**Description**
The issue allows for a reflected XSS attack when a corrupted file is sent to the target. This can lead to malicious script execution. The problem is fixed in version 1.7.6.6.

**Recommendations**
For PrestaShop versions 1.7.0.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue.