CVE-2020-5270

Name of the Vulnerable Software and Affected Versions PrestaShop versions 1.7.6.0 through 1.7.6.5

Description The issue is related to an open redirection when using the back parameter. This can lead to the theft of information and credentials, as well as redirection to malicious websites containing attacker-controlled content, potentially causing XSS attacks.

Recommendations For PrestaShop versions 1.7.6.0 through 1.7.6.5, update to version 1.7.6.5 to resolve the issue. As a temporary workaround, consider restricting the use of the back parameter to minimize the risk of exploitation.