CVE CVE-2020-15162 Mappings

In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-15162 PrestaShop primary_impact T1059 Command and Scripting Interpreter
CVE-2020-15162 PrestaShop secondary_impact T1185 Man in the Browser