Vulnerabilities > Prestashop > Prestashop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-02 | CVE-2020-4074 | Improper Authentication vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. | 9.8 |
| 2020-07-02 | CVE-2020-15083 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. | 4.3 |
| 2020-07-02 | CVE-2020-15082 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. | 7.5 |
| 2020-07-02 | CVE-2020-15081 | Information Exposure vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. | 5.0 |
| 2020-07-02 | CVE-2020-15080 | Missing Authorization vulnerability in Prestashop In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. | 5.0 |
| 2020-07-02 | CVE-2020-15079 | Unspecified vulnerability in Prestashop In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. | 5.5 |
| 2020-07-02 | CVE-2020-11074 | Cross-site Scripting vulnerability in Prestashop In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. | 5.4 |
| 2020-04-20 | CVE-2020-5293 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.4 |
| 2020-04-20 | CVE-2020-5288 | Incorrect Authorization vulnerability in Prestashop "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. | 6.4 |
| 2020-04-20 | CVE-2020-5287 | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. | 6.4 |