Vulnerabilities > Prestashop > Prestashop
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-12-01 | CVE-2011-4544 | Cross-Site Scripting vulnerability in Prestashop Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php. | 4.3 |
2011-09-24 | CVE-2011-3796 | Information Exposure vulnerability in Prestashop 1.4.0.6 PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files. | 5.0 |
2009-03-20 | CVE-2008-6503 | Cross-Site Scripting vulnerability in Prestashop 1.1.0.3 Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php. | 4.3 |
2008-12-31 | CVE-2008-5791 | Security vulnerability in PrestaShop Prior to 1.1 Beta 2 Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components. | 10.0 |