Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop prior to 1.4.9 allows remote malicious users to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
Prestashop Prestashop
1 EDB exploit
6.4
CVSSv2
CVE-2018-13784
PrestaShop prior to 1.6.1.20 and 1.7.x prior to 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.
Prestashop Prestashop
2 EDB exploits
2 Github repositories
4.3
CVSSv2
CVE-2020-5264
In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.
Prestashop Prestashop
4.3
CVSSv2
CVE-2020-5265
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.
Prestashop Prestashop
4.3
CVSSv2
CVE-2020-5269
In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5
Prestashop Prestashop
5.8
CVSSv2
CVE-2020-5270
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in so...
Prestashop Prestashop
4.3
CVSSv2
CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
Prestashop Prestashop
10
CVSSv2
CVE-2020-4074
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Prestashop Prestashop
6.5
CVSSv2
CVE-2021-21302
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2
Prestashop Prestashop
6.4
CVSSv2
CVE-2018-19125
PrestaShop 1.6.x prior to 1.6.1.23 and 1.7.x prior to 1.7.4.4 allows remote malicious users to delete an image directory.
Prestashop Prestashop
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »