Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2020-21967 | Cross-site Scripting vulnerability in Prestashop 1.7.6.7 File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | 3.5 |
| 2022-06-27 | CVE-2022-31101 | SQL Injection vulnerability in Prestashop Blockwishlist 2.0.0/2.0.1/2.1.0 prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. | 6.5 |
| 2022-01-26 | CVE-2022-21686 | Code Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce platform. | 7.5 |
| 2021-12-21 | CVE-2012-20001 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. | 4.3 |
| 2021-12-07 | CVE-2021-43789 | SQL Injection vulnerability in Prestashop PrestaShop is an Open Source e-commerce web application. | 7.5 |
| 2021-03-31 | CVE-2021-21418 | Cross-site Scripting vulnerability in Prestashop PS Emailsubscription ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. | 3.5 |
| 2021-03-30 | CVE-2021-21398 | Cross-site Scripting vulnerability in Prestashop 1.7.7.0 PrestaShop is a fully scalable open source e-commerce solution. | 3.5 |
| 2021-02-26 | CVE-2021-21308 | Improper Authentication vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 6.4 |
| 2021-02-26 | CVE-2021-21302 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Prestashop PrestaShop is a fully scalable open source e-commerce solution. | 6.5 |
| 2021-01-20 | CVE-2021-3110 | SQL Injection vulnerability in Prestashop 1.7.7.0 The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | 7.5 |