Vulnerabilities > Prestashop

DATE CVE VULNERABILITY TITLE RISK
2022-01-26 CVE-2022-21686 Code Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce platform.
network
low complexity
prestashop CWE-94
7.5
2021-12-21 CVE-2012-20001 Cross-site Scripting vulnerability in Prestashop
PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field.
network
prestashop CWE-79
4.3
2021-12-07 CVE-2021-43789 SQL Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce web application.
network
low complexity
prestashop CWE-89
7.5
2021-03-31 CVE-2021-21418 Cross-site Scripting vulnerability in Prestashop PS Emailsubscription
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform.
network
prestashop CWE-79
3.5
2021-03-30 CVE-2021-21398 Cross-site Scripting vulnerability in Prestashop 1.7.7.0
PrestaShop is a fully scalable open source e-commerce solution.
network
prestashop CWE-79
3.5
2021-02-26 CVE-2021-21308 Improper Authentication vulnerability in Prestashop
PrestaShop is a fully scalable open source e-commerce solution.
network
low complexity
prestashop CWE-287
6.4
2021-02-26 CVE-2021-21302 Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop
PrestaShop is a fully scalable open source e-commerce solution.
network
low complexity
prestashop CWE-1236
6.5
2021-01-20 CVE-2021-3110 SQL Injection vulnerability in Prestashop 1.7.7.0
The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter.
network
low complexity
prestashop CWE-89
7.5
2020-12-03 CVE-2020-26248 SQL Injection vulnerability in Prestashop Productcomments
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service.
network
low complexity
prestashop CWE-89
6.4
2020-11-16 CVE-2020-26225 Cross-site Scripting vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0
In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link.
network
prestashop CWE-79
4.3