Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-5273
In PrestaShop module ps_linklist versions prior to 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
Prestashop Prestashop Linklist
5.4
CVSSv3
CVE-2020-5294
PrestaShop module ps_facetedsearch versions prior to 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
Prestashop Prestashop Socialfollow
NA
CVE-2012-5799
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an...
Prestashop Prestashop -
Presto-changeo Canadapost -
6.1
CVSSv3
CVE-2019-11876
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing t...
Prestashop Prestashop 1.7.5.2
Drupal Drupal 8.7.0
9.8
CVSSv3
CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 up to and including 1.7) allows remote malicious users to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for uploa...
Prestashop Prestashop
Mypresta Customer Files Upload 2018-08-01
9.8
CVSSv3
CVE-2018-8823
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute arbitrary PHP code via the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
9.8
CVSSv3
CVE-2018-8824
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 up to and including 1.7.2.5 allows remote malicious users to execute a SQL Injection through function calls in the code parameter.
Responsive Mega Menu Pro Project Responsive Mega Menu Pro 1.0.32
Prestashop Prestashop
9.3
CVSSv3
CVE-2020-15178
In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing malicious users to execute arbitrary JavaScript in a victim'...
Prestashop Contactform
7.5
CVSSv3
CVE-2023-30282
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.
Prestashop Scexportcustomers
8.8
CVSSv3
CVE-2022-31101
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workaro...
Prestashop Blockwishlist
4 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »