Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-21686 | Code Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce platform. | 7.5 |
| 2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 4.3 |
| 2021-12-07 | CVE-2021-43789 | SQL Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 7.5 |
| 2021-03-31 | CVE-2021-21418 | Cross-site Scripting vulnerability in Prestashop PS Emailsubscription ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | 3.5 |
| 2021-03-30 | CVE-2021-21398 | Cross-site Scripting vulnerability in Prestashop 1.7.7.0 PrestaShop is a fully scalable open source e-commerce solution. | 3.5 |
| 2021-02-26 | CVE-2021-21308 | Improper Authentication vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 6.4 |
| 2021-02-26 | CVE-2021-21302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 6.5 |
| 2021-01-20 | CVE-2021-3110 | SQL Injection vulnerability in Prestashop 1.7.7.0 The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | 7.5 |
| 2020-12-03 | CVE-2020-26248 | SQL Injection vulnerability in Prestashop Productcomments In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. | 6.4 |
| 2020-11-16 | CVE-2020-26225 | Cross-site Scripting vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0 In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. | 4.3 |