Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-20 | CVE-2020-5270 | Open Redirect vulnerability in Prestashop In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. | 5.8 |
| 2020-04-20 | CVE-2020-5269 | Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4 In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. | 4.3 |
| 2020-04-20 | CVE-2020-5265 | Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4 In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. | 4.3 |
| 2020-04-20 | CVE-2020-5264 | Cross-site Scripting vulnerability in Prestashop In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. | 4.3 |
| 2020-04-16 | CVE-2020-5294 | Cross-site Scripting vulnerability in Prestashop Socialfollow PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | 3.5 |
| 2020-04-16 | CVE-2020-5273 | Cross-site Scripting vulnerability in Prestashop Linklist In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. | 3.5 |
| 2020-04-16 | CVE-2020-5266 | Cross-site Scripting vulnerability in Prestashop Link In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. | 3.5 |
| 2020-03-25 | CVE-2020-5277 | Cross-site Scripting vulnerability in Prestashop Faceted Search Module PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. | 3.5 |
| 2020-03-05 | CVE-2020-5250 | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 4.9 |
| 2020-02-18 | CVE-2013-6295 | Improper Privilege Management vulnerability in Prestashop 1.5.5.0 PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | 7.5 |