Vulnerabilities > Prestashop

DATE CVE VULNERABILITY TITLE RISK
2020-04-20 CVE-2020-5293 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.
network
low complexity
prestashop CWE-863
6.4
6.4
2020-04-20 CVE-2020-5288 Incorrect Authorization vulnerability in Prestashop
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page.
network
low complexity
prestashop CWE-863
6.4
6.4
2020-04-20 CVE-2020-5287 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.
network
low complexity
prestashop CWE-863
6.4
6.4
2020-04-20 CVE-2020-5286 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.
network
prestashop CWE-79
4.3
4.3
2020-04-20 CVE-2020-5285 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.
network
prestashop CWE-79
4.3
4.3
2020-04-20 CVE-2020-5279 Incorrect Authorization vulnerability in Prestashop
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.
network
low complexity
prestashop CWE-863
6.4
6.4
2020-04-20 CVE-2020-5278 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
4.3
2020-04-20 CVE-2020-5276 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
4.3
2020-04-20 CVE-2020-5272 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.
network
prestashop CWE-79
4.3
4.3
2020-04-20 CVE-2020-5271 Cross-site Scripting vulnerability in Prestashop
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5
network
prestashop CWE-79
4.3
4.3