Vulnerabilities > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-20 | CVE-2020-5264 | Cross-site Scripting vulnerability in Prestashop In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. | 6.1 |
| 2020-04-16 | CVE-2020-5294 | Cross-site Scripting vulnerability in Prestashop Socialfollow PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields The problem is fixed in 2.1.0 | 5.4 |
| 2020-04-16 | CVE-2020-5273 | Cross-site Scripting vulnerability in Prestashop Linklist In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. | 5.4 |
| 2020-04-16 | CVE-2020-5266 | Cross-site Scripting vulnerability in Prestashop Link In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. | 5.4 |
| 2020-03-25 | CVE-2020-5277 | Cross-site Scripting vulnerability in Prestashop Faceted Search Module PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflected XSS with `url_name` parameter. | 5.4 |
| 2020-03-05 | CVE-2020-5250 | Files or Directories Accessible to External Parties vulnerability in Prestashop In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. | 6.3 |
| 2020-02-18 | CVE-2013-6295 | Improper Privilege Management vulnerability in Prestashop 1.5.5.0 PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | 9.8 |
| 2020-02-14 | CVE-2013-4792 | Cross-Site Request Forgery (CSRF) vulnerability in Prestashop PrestaShop before 1.4.11 allows logout CSRF. | 5.5 |
| 2020-02-14 | CVE-2013-4791 | Cross-site Scripting vulnerability in Prestashop PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | 5.4 |
| 2020-02-11 | CVE-2012-2517 | Cross-site Scripting vulnerability in Prestashop Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php. | 6.1 |