Vulnerabilities > Prestashop

DATE CVE VULNERABILITY TITLE RISK
2020-02-14 CVE-2013-4792 Cross-Site Request Forgery (CSRF) vulnerability in Prestashop
PrestaShop before 1.4.11 allows logout CSRF.
3.5
2020-02-14 CVE-2013-4791 Cross-site Scripting vulnerability in Prestashop
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
network
prestashop CWE-79
3.5
2020-02-11 CVE-2012-2517 Cross-site Scripting vulnerability in Prestashop
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
network
prestashop CWE-79
4.3
2020-01-23 CVE-2013-6358 Unrestricted Upload of File with Dangerous Type vulnerability in Prestashop 1.5.5.0
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory.
network
low complexity
prestashop CWE-434
critical
9.0
2020-01-09 CVE-2020-6632 Cross-site Scripting vulnerability in Prestashop 1.7.6.2
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link.
network
prestashop CWE-79
4.3
2019-12-05 CVE-2019-19595 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
network
low complexity
adobe prestashop CWE-434
7.5
2019-12-05 CVE-2019-19594 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
network
low complexity
adobe prestashop CWE-434
7.5
2019-07-09 CVE-2019-13461 Authorization Bypass Through User-Controlled Key vulnerability in Prestashop
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout.
network
low complexity
prestashop CWE-639
5.0
2019-05-24 CVE-2019-11876 Cross-site Scripting vulnerability in multiple products
In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS.
4.3
2019-01-15 CVE-2018-20717 Code Injection vulnerability in Prestashop
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges.
network
low complexity
prestashop CWE-94
6.5