Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
prestashop vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-5273
In PrestaShop module ps_linklist versions prior to 3.1.0, there is a stored XSS when using custom URLs. The problem is fixed in version 3.1.0
Prestashop Prestashop Linklist
3.5
CVSSv2
CVE-2020-5294
PrestaShop module ps_facetedsearch versions prior to 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0
Prestashop Prestashop Socialfollow
3.5
CVSSv2
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
Prestashop Prestashop 1.7.2.4
4.3
CVSSv2
CVE-2020-6632
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
Prestashop Prestashop 1.7.6.2
7.5
CVSSv2
CVE-2021-3110
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
Prestashop Prestashop 1.7.7.0
5
CVSSv2
CVE-2018-5682
PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.
Prestashop Prestashop 1.7.2.4
3.5
CVSSv2
CVE-2020-21967
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote malicious users to run arbitrary code via the add new file page.
Prestashop Prestashop 1.7.6.7
5
CVSSv2
CVE-2011-4545
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
Prestashop Prestashop 1.4.4.1
1 EDB exploit
7.5
CVSSv2
CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module
Prestashop Prestashop 1.5.5.0
9
CVSSv2
CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated malicious users to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
Prestashop Prestashop 1.5.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »