Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-5266
In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. The problem is fixed in 3.1.0
Prestashop Prestashop Link
5.4
CVSSv3
CVE-2020-5273
In PrestaShop module ps_linklist versions prior to 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
Prestashop Prestashop Linklist
NA
CVE-2012-5799
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an...
Prestashop Prestashop -
Presto-changeo Canadapost -
6.1
CVSSv3
CVE-2019-11876
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing t...
Prestashop Prestashop 1.7.5.2
Drupal Drupal 8.7.0
9.8
CVSSv3
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 up to and including 1.7) allows remote malicious users to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for uploa...
Prestashop Prestashop
Mypresta Customer Files Upload 2018-08-01
9.8
CVSSv3
CVE-2018-8823
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute arbitrary PHP code via the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
9.8
CVSSv3
CVE-2018-8824
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute a SQL Injection through function calls in the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
9.8
CVSSv3
CVE-2023-36263
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Prestashop Opartlimitquantity
5.3
CVSSv3
CVE-2023-33777
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows malicious users to execute a directory traversal attack.
Prestashop Amazon
6.1
CVSSv3
CVE-2022-35933
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Prestashop Productcomments
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »