Vulnerabilities > Prestashop

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-07-13 | CVE-2020-21967 | Cross-site Scripting vulnerability in Prestashop 1.7.6.7 | File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | network, prestashop, CWE-79 | 3.5 |
| 2022-06-27 | CVE-2022-31101 | SQL Injection vulnerability in Prestashop Blockwishlist 2.0.0/2.0.1/2.1.0 | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. | network, low complexity, prestashop, CWE-89 | 6.5 |
| 2022-01-26 | CVE-2022-21686 | Code Injection vulnerability in Prestashop | PrestaShop is an Open Source e-commerce platform. | network, low complexity, prestashop, CWE-94 | 7.5 |
| 2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop | PrestaShop before 1.5.2 allows XSS via the `<object data='data:text/html` substring in the message field. | network, prestashop, CWE-79 | 4.3 |
| 2021-12-07 | CVE-2021-43789 | SQL Injection vulnerability in Prestashop | PrestaShop is an Open Source e-commerce web application. | network, low complexity, prestashop, CWE-89 | 7.5 |
| 2021-03-31 | CVE-2021-21418 | Cross-site Scripting vulnerability in Prestashop PS Emailsubscription | ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | network, prestashop, CWE-79 | 3.5 |
| 2021-03-30 | CVE-2021-21398 | Cross-site Scripting vulnerability in Prestashop 1.7.7.0 | PrestaShop is a fully scalable open source e-commerce solution. | network, prestashop, CWE-79 | 3.5 |
| 2021-02-26 | CVE-2021-21308 | Improper Authentication vulnerability in Prestashop | PrestaShop is a fully scalable open source e-commerce solution. | network, low complexity, prestashop, CWE-287 | 6.4 |
| 2021-02-26 | CVE-2021-21302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop | PrestaShop is a fully scalable open source e-commerce solution. | network, low complexity, prestashop, CWE-1236 | 6.5 |
| 2021-01-20 | CVE-2021-3110 | SQL Injection vulnerability in Prestashop 1.7.7.0 | The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | network, low complexity, prestashop, CWE-89 | 7.5 |