Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-15080 | Missing Authorization vulnerability in Prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. | 5.3 |
| 2020-07-02 | CVE-2020-15079 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. | 5.4 |
| 2020-07-02 | CVE-2020-11074 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. | 5.4 |
| 2020-04-27 | CVE-2020-12120 | Incorrect Permission Assignment for Critical Resource vulnerability in Prestashop Correos Express 1.6/1.6.0.4/1.7 The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. | 7.5 |
| 2020-04-20 | CVE-2020-5293 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.5 |
| 2020-04-20 | CVE-2020-5288 | Incorrect Authorization vulnerability in Prestashop "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. | 6.5 |
| 2020-04-20 | CVE-2020-5287 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. | 6.5 |
| 2020-04-20 | CVE-2020-5286 | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. | 6.1 |
| 2020-04-20 | CVE-2020-5285 | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. | 6.1 |
| 2020-04-20 | CVE-2020-5279 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. | 6.5 |